From e4c8980a6e5b77f33ca5cc6d7d1c1689e5dac761 Mon Sep 17 00:00:00 2001 From: "Sk.Lv" Date: Mon, 21 Oct 2024 15:43:06 +0800 Subject: [PATCH 1/2] feat: alb supported quic and delete, modify protection --- go.mod | 2 +- ksyun/resource_ksyun_alb.go | 39 +++++++- ksyun/resource_ksyun_alb_listener.go | 25 +++++ ksyun/service_ksyun_alb.go | 107 +++++++++++++++++++++- ksyun/service_ksyun_alb_listener.go | 11 +++ website/docs/r/alb.html.markdown | 6 +- website/docs/r/alb_listener.html.markdown | 4 + 7 files changed, 189 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index deee0caf..5175f7da 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/terraform-providers/terraform-provider-ksyun go 1.17 require ( - github.com/KscSDK/ksc-sdk-go v0.5.0 + github.com/KscSDK/ksc-sdk-go v0.6.0 github.com/aws/aws-sdk-go v1.25.3 github.com/client9/misspell v0.3.4 github.com/fatih/color v1.7.0 diff --git a/ksyun/resource_ksyun_alb.go b/ksyun/resource_ksyun_alb.go index cc39d257..9b9338ae 100644 --- a/ksyun/resource_ksyun_alb.go +++ b/ksyun/resource_ksyun_alb.go @@ -81,8 +81,8 @@ func resourceKsyunAlb() *schema.Resource { // Computed: true, Required: true, ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{"standard", "advanced"}, false), - Description: "The version of the ALB. valid values:'standard', 'advanced'.", + ValidateFunc: validation.StringInSlice([]string{"standard", "medium", "advanced"}, false), + Description: "The version of the ALB. valid values:'standard', 'medium', 'advanced'.", }, "alb_type": { Type: schema.TypeString, @@ -139,6 +139,35 @@ func resourceKsyunAlb() *schema.Resource { DiffSuppressFunc: albInternalDiffSuppressFunc, Description: "The private ip address. It not be empty, when 'alb_type' as '**internal**'.", }, + "enabled_quic": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: "Enable quic.", + }, + + "enable_hpa": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: "Enable hpa.", + }, + + "delete_protection": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.StringInSlice([]string{"off", "on"}, false), + Description: "Whether delete protection is enabled or not. Values: `off` or `on`.", + }, + + "modification_protection": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.StringInSlice([]string{"off", "on"}, false), + Description: "Whether modification protection is enabled or not. Values: `off` or `on`.", + }, "state": { Type: schema.TypeString, @@ -217,6 +246,7 @@ func resourceKsyunAlbCreate(d *schema.ResourceData, meta interface{}) (err error } return resourceKsyunAlbRead(d, meta) } + func resourceKsyunAlbRead(d *schema.ResourceData, meta interface{}) (err error) { s := AlbService{meta.(*KsyunClient)} err = s.ReadAndSetAlb(d, resourceKsyunAlb()) @@ -225,6 +255,7 @@ func resourceKsyunAlbRead(d *schema.ResourceData, meta interface{}) (err error) } return } + func resourceKsyunAlbUpdate(d *schema.ResourceData, meta interface{}) (err error) { s := AlbService{meta.(*KsyunClient)} err = s.ModifyAlb(d, resourceKsyunAlb()) @@ -233,8 +264,12 @@ func resourceKsyunAlbUpdate(d *schema.ResourceData, meta interface{}) (err error } return resourceKsyunAlbRead(d, meta) } + func resourceKsyunAlbDelete(d *schema.ResourceData, meta interface{}) (err error) { s := AlbService{meta.(*KsyunClient)} + if d.Get("delete_protection") == "on" { + return fmt.Errorf("ALB %q is protected from deletion, if you want to delete it to set `delete_protection` as off", d.Id()) + } err = s.RemoveAlb(d) if err != nil { return fmt.Errorf("error on deleting ALB %q, %s", d.Id(), err) diff --git a/ksyun/resource_ksyun_alb_listener.go b/ksyun/resource_ksyun_alb_listener.go index bee4a6ec..76bc6aa5 100644 --- a/ksyun/resource_ksyun_alb_listener.go +++ b/ksyun/resource_ksyun_alb_listener.go @@ -313,6 +313,31 @@ func resourceKsyunAlbListener() *schema.Resource { Description: "The custom configure for listener. [The details](https://docs.ksyun.com/documents/42615?type=3).", }, + "ca_certificate_id": { + Type: schema.TypeString, + Optional: true, + Description: "The ID of Client's CA certificate.", + }, + + "ca_enabled": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether enable to CA certificate.", + }, + + "quic_listener_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The ID of QUIC listener.", + }, + + "enable_quic_upgrade": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether enable to QUIC upgrade.", + }, + // computed values "alb_listener_id": { Type: schema.TypeString, diff --git a/ksyun/service_ksyun_alb.go b/ksyun/service_ksyun_alb.go index f1214199..6b729afd 100644 --- a/ksyun/service_ksyun_alb.go +++ b/ksyun/service_ksyun_alb.go @@ -176,6 +176,50 @@ func (alb *AlbService) modifyAccessLogCall(d *schema.ResourceData, r *schema.Res return callback, err } +func (alb *AlbService) setAlbDeleteProtectionCall(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) { + req := map[string]interface{}{} + + callback = ApiCall{ + param: &req, + action: "SetAlbDeleteProtection", + executeCall: func(d *schema.ResourceData, client *KsyunClient, call ApiCall) (resp *map[string]interface{}, err error) { + req["AlbId"] = d.Id() + req["DeleteProtection"] = d.Get("delete_protection") + conn := client.slbconn + logger.Debug(logger.RespFormat, call.action, *(call.param)) + resp, err = conn.SetAlbDeleteProtection(call.param) + return resp, err + }, + afterCall: func(d *schema.ResourceData, client *KsyunClient, resp *map[string]interface{}, call ApiCall) (err error) { + logger.Debug(logger.RespFormat, call.action, *(call.param), *resp) + return err + }, + } + return callback, err +} + +func (alb *AlbService) setAlbModificationProtectionCall(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) { + req := map[string]interface{}{} + + callback = ApiCall{ + param: &req, + action: "SetAlbModificationProtection", + executeCall: func(d *schema.ResourceData, client *KsyunClient, call ApiCall) (resp *map[string]interface{}, err error) { + req["AlbId"] = d.Id() + req["ModificationProtection"] = d.Get("modification_protection") + conn := client.slbconn + logger.Debug(logger.RespFormat, call.action, *(call.param)) + resp, err = conn.SetAlbModificationProtection(call.param) + return resp, err + }, + afterCall: func(d *schema.ResourceData, client *KsyunClient, resp *map[string]interface{}, call ApiCall) (err error) { + logger.Debug(logger.RespFormat, call.action, *(call.param), *resp) + return err + }, + } + return callback, err +} + func (alb *AlbService) modifyAccessLogInfo(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) { req := map[string]interface{}{} @@ -238,6 +282,30 @@ func (alb *AlbService) ModifyAlb(d *schema.ResourceData, r *schema.Resource) (er calls = append(calls, modifyEnabledLogCall) } + if d.HasChange("delete_protection") { + modifyDeleteProtectionCall, err := alb.setAlbDeleteProtectionCall(d, r) + if err != nil { + return err + } + calls = append(calls, modifyDeleteProtectionCall) + } + + if d.HasChange("modification_protection") { + modifyModificationProtectionCall, err := alb.setAlbModificationProtectionCall(d, r) + if err != nil { + return err + } + calls = append(calls, modifyModificationProtectionCall) + } + + if d.HasChanges("alb_version", "enable_hpa") { + modifyAlbCall, err := alb.modifyAlbCall(d, r) + if err != nil { + return err + } + calls = append(calls, modifyAlbCall) + } + // tagService := TagService{s.client} // tagCall, err := tagService.ReplaceResourcesTagsWithResourceCall(d, r, "eip", true, false) // if err != nil { @@ -366,7 +434,11 @@ func (alb *AlbService) ReadAndSetAlb(d *schema.ResourceData, r *schema.Resource) return resource.NonRetryableError(fmt.Errorf("error on reading ALB %q, %s", d.Id(), callErr)) } } else { - SdkResponseAutoResourceData(d, r, data, chargeExtraForVpc(data)) + extra := chargeExtraForVpc(data) + extra["ModifyProtection"] = SdkResponseMapping{ + Field: "modification_protection", + } + SdkResponseAutoResourceData(d, r, data, extra) return nil } }) @@ -466,6 +538,39 @@ func (alb *AlbService) CreateAlb(d *schema.ResourceData, r *schema.Resource) (er return ksyunApiCallNew(calls, d, alb.client, true) } +func (alb *AlbService) modifyAlbCall(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) { + transform := map[string]SdkReqTransform{ + "alb_version": {}, + "enable_hpa": {}, + } + req, err := SdkRequestAutoMapping(d, r, false, transform, nil, SdkReqParameter{ + onlyTransform: true, + }) + if err != nil { + return callback, err + } + if len(req) > 0 { + req["AlbId"] = d.Id() + + callback = ApiCall{ + param: &req, + action: "ModifyAlb", + executeCall: func(d *schema.ResourceData, client *KsyunClient, call ApiCall) (resp *map[string]interface{}, err error) { + conn := client.slbconn + logger.Debug(logger.RespFormat, call.action, *(call.param)) + + resp, err = conn.ModifyAlb(call.param) + return resp, err + }, + afterCall: func(d *schema.ResourceData, client *KsyunClient, resp *map[string]interface{}, call ApiCall) (err error) { + logger.Debug(logger.RespFormat, call.action, *(call.param), *resp) + return + }, + } + } + return +} + func (alb *AlbService) CreateAlbBackendServerGroup(d *schema.ResourceData, r *schema.Resource) error { apiProcess := NewApiProcess(context.Background(), d, alb.client, true) diff --git a/ksyun/service_ksyun_alb_listener.go b/ksyun/service_ksyun_alb_listener.go index 65beec26..fe236d3f 100644 --- a/ksyun/service_ksyun_alb_listener.go +++ b/ksyun/service_ksyun_alb_listener.go @@ -264,6 +264,17 @@ func (s *AlbListenerService) modifyListenerCall(d *schema.ResourceData, r *schem Ignore: true, }, } + if d.HasChange("ca_enabled") { + transform["ca_certificate_id"] = SdkReqTransform{ + mapping: "CaCertificateId", + forceUpdateParam: true, + } + } + if d.HasChange("enable_quic_upgrade") { + transform["quic_listener_id"] = SdkReqTransform{ + forceUpdateParam: true, + } + } req, err := SdkRequestAutoMapping(d, r, true, transform, nil, SdkReqParameter{ onlyTransform: false, }) diff --git a/website/docs/r/alb.html.markdown b/website/docs/r/alb.html.markdown index 086f58d6..df50457c 100644 --- a/website/docs/r/alb.html.markdown +++ b/website/docs/r/alb.html.markdown @@ -56,13 +56,17 @@ resource "ksyun_eip_associate" "eip_bind" { The following arguments are supported: * `alb_type` - (Required, ForceNew) The type of the ALB, valid values:'public', 'internal'. -* `alb_version` - (Required, ForceNew) The version of the ALB. valid values:'standard', 'advanced'. +* `alb_version` - (Required, ForceNew) The version of the ALB. valid values:'standard', 'medium', 'advanced'. * `charge_type` - (Required, ForceNew) The charge type, valid values: 'PrePaidByHourUsage'. * `vpc_id` - (Required, ForceNew) The ID of the VPC. * `alb_name` - (Optional) The name of the ALB. +* `delete_protection` - (Optional) Whether delete protection is enabled or not. Values: `off` or `on`. +* `enable_hpa` - (Optional) Enable hpa. * `enabled_log` - (Optional) Whether log is enabled or not. Specific `klog_info` field when `enabled_log` is true. +* `enabled_quic` - (Optional, ForceNew) Enable quic. * `ip_version` - (Optional, ForceNew) IP version, 'ipv4' or 'ipv6'. * `klog_info` - (Optional) Indicate klog info, including log-project-name and log-pool-name, that use to bind log service for this alb process. +* `modification_protection` - (Optional) Whether modification protection is enabled or not. Values: `off` or `on`. * `private_ip_address` - (Optional, ForceNew) The private ip address. It not be empty, when 'alb_type' as '**internal**'. * `project_id` - (Optional) The ID of the project. * `state` - (Optional) The state of the ALB, Valid Values:'start', 'stop'. diff --git a/website/docs/r/alb_listener.html.markdown b/website/docs/r/alb_listener.html.markdown index ae0128fa..5c7eeddb 100644 --- a/website/docs/r/alb_listener.html.markdown +++ b/website/docs/r/alb_listener.html.markdown @@ -101,12 +101,16 @@ The following arguments are supported: * `protocol` - (Required, ForceNew) The protocol of listener. Valid Values: 'HTTP', 'HTTPS'. * `alb_listener_name` - (Optional) The name of the listener. * `alb_listener_state` - (Optional) The state of listener.Valid Values:'start', 'stop'. +* `ca_certificate_id` - (Optional) The ID of Client's CA certificate. +* `ca_enabled` - (Optional) Whether enable to CA certificate. * `certificate_id` - (Optional) The ID of certificate. * `config_content` - (Optional) The custom configure for listener. [The details](https://docs.ksyun.com/documents/42615?type=3). * `default_forward_rule` - (Optional) The default forward rule group. * `enable_http2` - (Optional) whether enable to HTTP2. +* `enable_quic_upgrade` - (Optional) Whether enable to QUIC upgrade. * `http_protocol` - (Optional, **Deprecated**) This field will be removed soon. Please use 'enable_http2' instead to choose a protocol. Backend Protocol, valid values:'HTTP1.0','HTTP1.1'. * `method` - (Optional) Forwarding mode of listener. Valid Values:'RoundRobin', 'LeastConnections'. +* `quic_listener_id` - (Optional) The ID of QUIC listener. * `redirect_alb_listener_id` - (Optional, **Deprecated**) This parameter is moved to 'default_forward_rule' block. The ID of the redirect ALB listener. * `session` - (Optional) Whether keeps session. Specific `session` block, if keeps session. * `tls_cipher_policy` - (Optional) TLS cipher policy, valid values:'TlsCipherPolicy1.0','TlsCipherPolicy1.1','TlsCipherPolicy1.2','TlsCipherPolicy1.2-strict','TlsCipherPolicy1.2-most-strict-with1.3'. From 08dbe74c8229eb1c44f75d2c9e7cc84cec7eb65a Mon Sep 17 00:00:00 2001 From: "Sk.Lv" Date: Mon, 21 Oct 2024 16:20:10 +0800 Subject: [PATCH 2/2] docs: changelog v1.17.1 --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cad5cd45..98e5b430 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +## 1.17.1 (Oct 21, 2024) + +IMPROVEMENTS: + +- `ksyun_alb`: 新增`enable_hpa`字段,支持开启HPA、`delete_protection`字段,支持开启删除保护、`modification_protection`字段,支持开启修改保护、`enabled_quic`字段,支持开启QUIC. +- `ksyun_alb`: 支持创建中阶版 +- `ksyun_alb_listener`: 新增`ca_enabled` `ca_certificate_id`开启双向验证,`enable_quic_upgrade`开启QUIC升级, `quic_listener_id` QUIC监听器ID + ## 1.16.3 (Aug 22, 2024) BUGFIX: