feature: lb https redirect

IBM-Cloud · Sep 16, 2021 · 425c5ad · 425c5ad
1 parent a74006a
commit 425c5ad
Show file tree

Hide file tree

Showing 5 changed files with 355 additions and 44 deletions.
diff --git a/ibm/resource_ibm_is_lb_listener.go b/ibm/resource_ibm_is_lb_listener.go
@@ -15,19 +15,22 @@ import (
 )
 
 const (
-	isLBListenerLBID                = "lb"
-	isLBListenerPort                = "port"
-	isLBListenerProtocol            = "protocol"
-	isLBListenerCertificateInstance = "certificate_instance"
-	isLBListenerConnectionLimit     = "connection_limit"
-	isLBListenerDefaultPool         = "default_pool"
-	isLBListenerStatus              = "status"
-	isLBListenerDeleting            = "deleting"
-	isLBListenerDeleted             = "done"
-	isLBListenerProvisioning        = "provisioning"
-	isLBListenerAcceptProxyProtocol = "accept_proxy_protocol"
-	isLBListenerProvisioningDone    = "done"
-	isLBListenerID                  = "listener_id"
+	isLBListenerLBID                    = "lb"
+	isLBListenerPort                    = "port"
+	isLBListenerProtocol                = "protocol"
+	isLBListenerCertificateInstance     = "certificate_instance"
+	isLBListenerConnectionLimit         = "connection_limit"
+	isLBListenerDefaultPool             = "default_pool"
+	isLBListenerStatus                  = "status"
+	isLBListenerDeleting                = "deleting"
+	isLBListenerDeleted                 = "done"
+	isLBListenerProvisioning            = "provisioning"
+	isLBListenerAcceptProxyProtocol     = "accept_proxy_protocol"
+	isLBListenerProvisioningDone        = "done"
+	isLBListenerID                      = "listener_id"
+	isLBListenerHTTPSRedirectListener   = "https_redirect_listener"
+	isLBListenerHTTPSRedirectStatusCode = "https_redirect_status_code"
+	isLBListenerHTTPSRedirectURI        = "https_redirect_uri"
 )
 
 func resourceIBMISLBListener() *schema.Resource {
@@ -81,6 +84,27 @@ func resourceIBMISLBListener() *schema.Resource {
 				Description: "Listener will forward proxy protocol",
 			},
 
+			isLBListenerHTTPSRedirectStatusCode: {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				RequiredWith: []string{isLBListenerHTTPSRedirectListener},
+				Description:  "The HTTP status code to be returned in the redirect response",
+			},
+
+			isLBListenerHTTPSRedirectURI: {
+				Type:         schema.TypeString,
+				Optional:     true,
+				RequiredWith: []string{isLBListenerHTTPSRedirectStatusCode, isLBListenerHTTPSRedirectListener},
+				Description:  "Target URI where traffic will be redirected",
+			},
+
+			isLBListenerHTTPSRedirectListener: {
+				Type:         schema.TypeString,
+				Optional:     true,
+				RequiredWith: []string{isLBListenerHTTPSRedirectStatusCode},
+				Description:  "ID of the listener that will be set as http redirect target",
+			},
+
 			isLBListenerConnectionLimit: {
 				Type:         schema.TypeInt,
 				Optional:     true,
@@ -175,19 +199,37 @@ func resourceIBMISLBListenerCreate(d *schema.ResourceData, meta interface{}) err
 		connLimit = int64(limit.(int))
 	}
 
+	var httpStatusCode int64
+
+	if statusCode, ok := d.GetOk(isLBListenerHTTPSRedirectStatusCode); ok {
+		httpStatusCode = int64(statusCode.(int))
+	}
+
+	var uri string
+
+	if redirecturi, ok := d.GetOk(isLBListenerHTTPSRedirectURI); ok {
+		uri = redirecturi.(string)
+	}
+
+	var listener string
+
+	if redirectListener, ok := d.GetOk(isLBListenerHTTPSRedirectListener); ok {
+		listener = redirectListener.(string)
+	}
+
 	isLBKey := "load_balancer_key_" + lbID
 	ibmMutexKV.Lock(isLBKey)
 	defer ibmMutexKV.Unlock(isLBKey)
 
-	err := lbListenerCreate(d, meta, lbID, protocol, defPool, certificateCRN, port, connLimit, acceptProxyProtocol)
+	err := lbListenerCreate(d, meta, lbID, protocol, defPool, certificateCRN, listener, uri, port, connLimit, httpStatusCode, acceptProxyProtocol)
 	if err != nil {
 		return err
 	}
 
 	return resourceIBMISLBListenerRead(d, meta)
 }
 
-func lbListenerCreate(d *schema.ResourceData, meta interface{}, lbID, protocol, defPool, certificateCRN string, port, connLimit int64, acceptProxyProtocol bool) error {
+func lbListenerCreate(d *schema.ResourceData, meta interface{}, lbID, protocol, defPool, certificateCRN, listener, uri string, port, connLimit, httpStatusCode int64, acceptProxyProtocol bool) error {
 	sess, err := vpcClient(meta)
 	if err != nil {
 		return err
@@ -203,6 +245,19 @@ func lbListenerCreate(d *schema.ResourceData, meta interface{}, lbID, protocol,
 			ID: &defPool,
 		}
 	}
+
+	if listener != "" {
+		httpsRedirect := &vpcv1.LoadBalancerListenerHTTPSRedirectPrototype{
+			HTTPStatusCode: &httpStatusCode,
+			Listener: &vpcv1.LoadBalancerListenerIdentity{
+				ID: &listener,
+			},
+		}
+		if uri != "" {
+			httpsRedirect.URI = &uri
+		}
+		options.HTTPSRedirect = httpsRedirect
+	}
 	if certificateCRN != "" {
 		options.CertificateInstance = &vpcv1.CertificateInstanceIdentity{
 			CRN: &certificateCRN,
@@ -315,6 +370,13 @@ func lbListenerGet(d *schema.ResourceData, meta interface{}, lbID, lbListenerID
 	if lbListener.DefaultPool != nil {
 		d.Set(isLBListenerDefaultPool, *lbListener.DefaultPool.ID)
 	}
+	if lbListener.HTTPSRedirect != nil {
+		d.Set(isLBListenerHTTPSRedirectStatusCode, *lbListener.HTTPSRedirect.HTTPStatusCode)
+		d.Set(isLBListenerHTTPSRedirectListener, *lbListener.HTTPSRedirect.Listener.ID)
+		if lbListener.HTTPSRedirect.URI != nil {
+			d.Set(isLBListenerHTTPSRedirectURI, *lbListener.HTTPSRedirect.URI)
+		}
+	}
 	if lbListener.CertificateInstance != nil {
 		d.Set(isLBListenerCertificateInstance, *lbListener.CertificateInstance.CRN)
 	}
@@ -357,8 +419,8 @@ func lbListenerUpdate(d *schema.ResourceData, meta interface{}, lbID, lbListener
 		return err
 	}
 	hasChanged := false
-	var certificateInstance, defPool, protocol string
-	var connLimit, port int64
+	var certificateInstance, defPool, protocol, listener, uri string
+	var connLimit, port, httpStatusCode int64
 	updateLoadBalancerListenerOptions := &vpcv1.UpdateLoadBalancerListenerOptions{
 		LoadBalancerID: &lbID,
 		ID:             &lbListenerID,
@@ -385,6 +447,32 @@ func lbListenerUpdate(d *schema.ResourceData, meta interface{}, lbID, lbListener
 		}
 		hasChanged = true
 	}
+	httpsRedirectRemoved := false
+	httpsURIRemoved := false
+	if d.HasChange(isLBListenerHTTPSRedirectListener) || d.HasChange(isLBListenerHTTPSRedirectURI) || d.HasChange(isLBListenerHTTPSRedirectStatusCode) {
+		hasChanged = true
+		listener = d.Get(isLBListenerHTTPSRedirectListener).(string)
+		httpStatusCode = int64(d.Get(isLBListenerHTTPSRedirectStatusCode).(int))
+		uri = d.Get(isLBListenerHTTPSRedirectURI).(string)
+		if listener == "" {
+			httpsRedirectRemoved = true
+		} else {
+			HTTPSRedirect := &vpcv1.LoadBalancerListenerHTTPSRedirectPatch{
+				HTTPStatusCode: &httpStatusCode,
+				Listener:       &vpcv1.LoadBalancerListenerIdentityByID{ID: &listener},
+			}
+			if d.HasChange(isLBListenerHTTPSRedirectURI) {
+				if uri == "" {
+					HTTPSRedirect.URI = nil
+					httpsURIRemoved = true
+				} else {
+					HTTPSRedirect.URI = &uri
+				}
+			}
+
+			loadBalancerListenerPatchModel.HTTPSRedirect = HTTPSRedirect
+		}
+	}
 	if d.HasChange(isLBListenerPort) {
 		port = int64(d.Get(isLBListenerPort).(int))
 		loadBalancerListenerPatchModel.Port = &port
@@ -414,6 +502,12 @@ func lbListenerUpdate(d *schema.ResourceData, meta interface{}, lbID, lbListener
 		if err != nil {
 			return fmt.Errorf("Error calling asPatch for LoadBalancerListenerPatch: %s", err)
 		}
+		if httpsRedirectRemoved {
+			loadBalancerListenerPatch["https_redirect"] = nil
+		}
+		if httpsURIRemoved {
+			loadBalancerListenerPatch["https_redirect"].(map[string]interface{})["uri"] = nil
+		}
 		updateLoadBalancerListenerOptions.LoadBalancerListenerPatch = loadBalancerListenerPatch
 
 		isLBKey := "load_balancer_key_" + lbID