Add support for enabling PROXY Protocol on Load Balancers.
This commit is contained in:
parent
f36984b608
commit
f18a621d03
|
@ -167,6 +167,11 @@ func dataSourceDigitalOceanLoadbalancer() *schema.Resource {
|
||||||
Computed: true,
|
Computed: true,
|
||||||
Description: "whether http requests will be redirected to https",
|
Description: "whether http requests will be redirected to https",
|
||||||
},
|
},
|
||||||
|
"enable_proxy_protocol": {
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Computed: true,
|
||||||
|
Description: "whether PROXY Protocol should be used to pass information from connecting client requests to the backend service",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -220,6 +225,7 @@ func dataSourceDigitalOceanLoadbalancerRead(d *schema.ResourceData, meta interfa
|
||||||
d.Set("status", loadbalancer.Status)
|
d.Set("status", loadbalancer.Status)
|
||||||
d.Set("droplet_tag", loadbalancer.Tag)
|
d.Set("droplet_tag", loadbalancer.Tag)
|
||||||
d.Set("redirect_http_to_https", loadbalancer.RedirectHttpToHttps)
|
d.Set("redirect_http_to_https", loadbalancer.RedirectHttpToHttps)
|
||||||
|
d.Set("enable_proxy_protocol", loadbalancer.EnableProxyProtocol)
|
||||||
|
|
||||||
if err := d.Set("droplet_ids", flattenDropletIds(loadbalancer.DropletIDs)); err != nil {
|
if err := d.Set("droplet_ids", flattenDropletIds(loadbalancer.DropletIDs)); err != nil {
|
||||||
return fmt.Errorf("[DEBUG] Error setting Load Balancer droplet_ids - error: %#v", err)
|
return fmt.Errorf("[DEBUG] Error setting Load Balancer droplet_ids - error: %#v", err)
|
||||||
|
|
|
@ -199,6 +199,12 @@ func resourceDigitalOceanLoadbalancer() *schema.Resource {
|
||||||
Default: false,
|
Default: false,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"enable_proxy_protocol": {
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Optional: true,
|
||||||
|
Default: false,
|
||||||
|
},
|
||||||
|
|
||||||
"ip": {
|
"ip": {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
|
@ -259,6 +265,7 @@ func buildLoadBalancerRequest(d *schema.ResourceData) (*godo.LoadBalancerRequest
|
||||||
Region: d.Get("region").(string),
|
Region: d.Get("region").(string),
|
||||||
Algorithm: d.Get("algorithm").(string),
|
Algorithm: d.Get("algorithm").(string),
|
||||||
RedirectHttpToHttps: d.Get("redirect_http_to_https").(bool),
|
RedirectHttpToHttps: d.Get("redirect_http_to_https").(bool),
|
||||||
|
EnableProxyProtocol: d.Get("enable_proxy_protocol").(bool),
|
||||||
ForwardingRules: expandForwardingRules(d.Get("forwarding_rule").([]interface{})),
|
ForwardingRules: expandForwardingRules(d.Get("forwarding_rule").([]interface{})),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -337,6 +344,7 @@ func resourceDigitalOceanLoadbalancerRead(d *schema.ResourceData, meta interface
|
||||||
d.Set("algorithm", loadbalancer.Algorithm)
|
d.Set("algorithm", loadbalancer.Algorithm)
|
||||||
d.Set("region", loadbalancer.Region.Slug)
|
d.Set("region", loadbalancer.Region.Slug)
|
||||||
d.Set("redirect_http_to_https", loadbalancer.RedirectHttpToHttps)
|
d.Set("redirect_http_to_https", loadbalancer.RedirectHttpToHttps)
|
||||||
|
d.Set("enable_proxy_protocol", loadbalancer.EnableProxyProtocol)
|
||||||
d.Set("droplet_tag", loadbalancer.Tag)
|
d.Set("droplet_tag", loadbalancer.Tag)
|
||||||
|
|
||||||
if err := d.Set("droplet_ids", flattenDropletIds(loadbalancer.DropletIDs)); err != nil {
|
if err := d.Set("droplet_ids", flattenDropletIds(loadbalancer.DropletIDs)); err != nil {
|
||||||
|
|
|
@ -294,6 +294,44 @@ func TestAccDigitalOceanLoadbalancer_stickySessions(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccDigitalOceanLoadbalancer_sslTermination(t *testing.T) {
|
||||||
|
var loadbalancer godo.LoadBalancer
|
||||||
|
rInt := acctest.RandInt()
|
||||||
|
privateKeyMaterial, leafCertMaterial, certChainMaterial := generateTestCertMaterial(t)
|
||||||
|
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckDigitalOceanLoadbalancerDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
{
|
||||||
|
Config: testAccCheckDigitalOceanLoadbalancerConfig_sslTermination(rInt, privateKeyMaterial, leafCertMaterial, certChainMaterial),
|
||||||
|
Check: resource.ComposeAggregateTestCheckFunc(
|
||||||
|
testAccCheckDigitalOceanLoadbalancerExists("digitalocean_loadbalancer.foobar", &loadbalancer),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "name", fmt.Sprintf("loadbalancer-%d", rInt)),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "region", "nyc3"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "forwarding_rule.#", "1"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "forwarding_rule.0.entry_port", "443"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "forwarding_rule.0.entry_protocol", "https"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "forwarding_rule.0.target_port", "80"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "forwarding_rule.0.target_protocol", "http"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "redirect_http_to_https", "true"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"digitalocean_loadbalancer.foobar", "enable_proxy_protocol", "true"),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func testAccCheckDigitalOceanLoadbalancerDestroy(s *terraform.State) error {
|
func testAccCheckDigitalOceanLoadbalancerDestroy(s *terraform.State) error {
|
||||||
client := testAccProvider.Meta().(*CombinedConfig).godoClient()
|
client := testAccProvider.Meta().(*CombinedConfig).godoClient()
|
||||||
|
|
||||||
|
@ -502,3 +540,36 @@ resource "digitalocean_loadbalancer" "foobar" {
|
||||||
droplet_ids = ["${digitalocean_droplet.foobar.id}"]
|
droplet_ids = ["${digitalocean_droplet.foobar.id}"]
|
||||||
}`, rInt, rInt)
|
}`, rInt, rInt)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testAccCheckDigitalOceanLoadbalancerConfig_sslTermination(rInt int, privateKeyMaterial, leafCert, certChain string) string {
|
||||||
|
return fmt.Sprintf(`
|
||||||
|
resource "digitalocean_certificate" "foobar" {
|
||||||
|
name = "certificate-%d"
|
||||||
|
private_key = <<EOF
|
||||||
|
%s
|
||||||
|
EOF
|
||||||
|
leaf_certificate = <<EOF
|
||||||
|
%s
|
||||||
|
EOF
|
||||||
|
certificate_chain = <<EOF
|
||||||
|
%s
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "digitalocean_loadbalancer" "foobar" {
|
||||||
|
name = "loadbalancer-%d"
|
||||||
|
region = "nyc3"
|
||||||
|
redirect_http_to_https = true
|
||||||
|
enable_proxy_protocol = true
|
||||||
|
|
||||||
|
forwarding_rule {
|
||||||
|
entry_port = 443
|
||||||
|
entry_protocol = "https"
|
||||||
|
|
||||||
|
target_port = 80
|
||||||
|
target_protocol = "http"
|
||||||
|
|
||||||
|
certificate_id = "${digitalocean_certificate.foobar.id}"
|
||||||
|
}
|
||||||
|
}`, rInt, privateKeyMaterial, leafCert, certChain, rInt)
|
||||||
|
}
|
||||||
|
|
|
@ -107,6 +107,9 @@ Load Balancer. The `sticky_sessions` block is documented below. Only 1 sticky_se
|
||||||
* `redirect_http_to_https` - (Optional) A boolean value indicating whether
|
* `redirect_http_to_https` - (Optional) A boolean value indicating whether
|
||||||
HTTP requests to the Load Balancer on port 80 will be redirected to HTTPS on port 443.
|
HTTP requests to the Load Balancer on port 80 will be redirected to HTTPS on port 443.
|
||||||
Default value is `false`.
|
Default value is `false`.
|
||||||
|
* `enable_proxy_protocol` - (Optional) A boolean value indicating whether PROXY
|
||||||
|
Protocol should be used to pass information from connecting client requests to
|
||||||
|
the backend service. Default value is `false`.
|
||||||
* `droplet_ids` (Optional) - A list of the IDs of each droplet to be attached to the Load Balancer.
|
* `droplet_ids` (Optional) - A list of the IDs of each droplet to be attached to the Load Balancer.
|
||||||
* `droplet_tag` (Optional) - The name of a Droplet tag corresponding to Droplets to be assigned to the Load Balancer.
|
* `droplet_tag` (Optional) - The name of a Droplet tag corresponding to Droplets to be assigned to the Load Balancer.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue