
Commit adb4620

committed
add
1 parent 86c8d7e commit adb4620


5 files changed

+602
-459
lines changed


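--- a/tencentcloud/services/clb/resource_tc_clb_listener.go
+++ b/tencentcloud/services/clb/resource_tc_clb_listener.go
@@ -181,20 +181,46 @@ func ResourceTencentCloudClbListener() *schema.Resource {
 Description: "Specifies the type of health check source IP. `0` (default): CLB VIP. `1`: 100.64 IP range.",
 },
 "certificate_ssl_mode": {
-Type: schema.TypeString,
-Optional: true,
-ValidateFunc: tccommon.ValidateAllowedStringValue(CERT_SSL_MODE),
-Description: "Type of certificate. Valid values: `UNIDIRECTIONAL`, `MUTUAL`. NOTES: Only supports listeners of `HTTPS` and `TCP_SSL` protocol and must be set when it is available.",
+Type: schema.TypeString,
+Optional: true,
+ConflictsWith: []string{"multi_cert_info"},
+ValidateFunc: tccommon.ValidateAllowedStringValue(CERT_SSL_MODE),
+Description: "Type of certificate. Valid values: `UNIDIRECTIONAL`, `MUTUAL`. NOTES: Only supports listeners of `HTTPS` and `TCP_SSL` protocol and must be set when it is available.",
 },
 "certificate_id": {
-Type: schema.TypeString,
-Optional: true,
-Description: "ID of the server certificate. NOTES: Only supports listeners of `HTTPS` and `TCP_SSL` protocol and must be set when it is available.",
+Type: schema.TypeString,
+Optional: true,
+ConflictsWith: []string{"multi_cert_info"},
+Description: "ID of the server certificate. NOTES: Only supports listeners of `HTTPS` and `TCP_SSL` protocol and must be set when it is available.",
 },
 "certificate_ca_id": {
-Type: schema.TypeString,
-Optional: true,
-Description: "ID of the client certificate. NOTES: Only supports listeners of `HTTPS` and `TCP_SSL` protocol and must be set when the ssl mode is `MUTUAL`.",
+Type: schema.TypeString,
+Optional: true,
+ConflictsWith: []string{"multi_cert_info"},
+Description: "ID of the client certificate. NOTES: Only supports listeners of `HTTPS` and `TCP_SSL` protocol and must be set when the ssl mode is `MUTUAL`.",
+},
+"multi_cert_info": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+ConflictsWith: []string{"certificate_ssl_mode", "certificate_id", "certificate_ca_id"},
+Description: "Certificate information. You can specify multiple server-side certificates with different algorithm types. This parameter is only applicable to HTTPS listeners with the SNI feature not enabled. Certificate and MultiCertInfo cannot be specified at the same time.",
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"ssl_mode": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: tccommon.ValidateAllowedStringValue(CERT_SSL_MODE),
+Description: "Authentication type. Values: UNIDIRECTIONAL (one-way authentication), MUTUAL (two-way authentication).",
+},
+"cert_id_list": {
+Type: schema.TypeSet,
+Required: true,
+Description: "List of server certificate ID.",
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+},
+},
 },
 "session_expire_time": {
 Type: schema.TypeInt,
@@ -307,6 +333,20 @@ func resourceTencentCloudClbListenerCreate(d *schema.ResourceData, meta interfac
 return fmt.Errorf("[CHECK][CLB listener][Create] check: certificated need to be set when protocol is TCPSSL")
 }
 }
+
+multiCertificateSetFlag, multiCertInput, certErr := checkMultiCertificateInputPara(ctx, d, meta)
+if certErr != nil {
+return certErr
+}
+
+if multiCertificateSetFlag {
+request.MultiCertInfo = multiCertInput
+} else {
+if protocol == CLB_LISTENER_PROTOCOL_TCPSSL {
+return fmt.Errorf("[CHECK][CLB listener][Create] check: certificated need to be set when protocol is TCPSSL")
+}
+}
+
 scheduler := ""
 if v, ok := d.GetOk("scheduler"); ok {
 if v == CLB_LISTENER_SCHEDULER_IP_HASH {
@@ -527,10 +567,32 @@ func resourceTencentCloudClbListenerRead(d *schema.ResourceData, meta interface{
 }
 
 if instance.Certificate != nil {
-_ = d.Set("certificate_ssl_mode", instance.Certificate.SSLMode)
-_ = d.Set("certificate_id", instance.Certificate.CertId)
-if instance.Certificate.CertCaId != nil {
-_ = d.Set("certificate_ca_id", instance.Certificate.CertCaId)
+// check single cert or multi cert
+if instance.Certificate.ExtCertIds != nil && len(instance.Certificate.ExtCertIds) > 0 {
+multiCertInfo := make([]map[string]interface{}, 0, 1)
+multiCert := make(map[string]interface{}, 0)
+certIds := make([]string, 0)
+if instance.Certificate.SSLMode != nil {
+multiCert["ssl_mode"] = *instance.Certificate.SSLMode
+}
+
+if instance.Certificate.CertId != nil {
+certIds = append(certIds, *instance.Certificate.CertId)
+}
+
+for _, item := range instance.Certificate.ExtCertIds {
+certIds = append(certIds, *item)
+}
+
+multiCert["cert_id_list"] = certIds
+multiCertInfo = append(multiCertInfo, multiCert)
+_ = d.Set("multi_cert_info", multiCertInfo)
+} else {
+_ = d.Set("certificate_ssl_mode", instance.Certificate.SSLMode)
+_ = d.Set("certificate_id", instance.Certificate.CertId)
+if instance.Certificate.CertCaId != nil {
+_ = d.Set("certificate_ca_id", instance.Certificate.CertCaId)
+}
 }
 }
 
@@ -637,6 +699,16 @@ func resourceTencentCloudClbListenerUpdate(d *schema.ResourceData, meta interfac
 request.Certificate = certificateInput
 }
 
+multiCertificateSetFlag, multiCertInput, certErr := checkMultiCertificateInputPara(ctx, d, meta)
+if certErr != nil {
+return certErr
+}
+
+if multiCertificateSetFlag {
+changed = true
+request.MultiCertInfo = multiCertInput
+}
+
 if d.HasChange("target_type") {
 changed = true
 targetType := d.Get("target_type").(string)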
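Review bot: The `else` branch added in resourceTencentCloudClbListenerCreate (new lines 344-348) returns the TCPSSL error whenever `multi_cert_info` is unset, so a `TCP_SSL` listener configured through `certificate_id` appears to be rejected even after it has passed the unchanged check just above, and `ConflictsWith` rules out setting both forms. Since the schema description limits `multi_cert_info` to HTTPS listeners, the branch can be dropped, leaving `if multiCertificateSetFlag { request.MultiCertInfo = multiCertInput }`. The condition guarding the earlier check lies outside the hunk, so this should be confirmed against the full function. In the Read hunk, `certIds = append(certIds, *item)` dereferences each `ExtCertIds` entry without the nil check that `SSLMode` and `CertId` get a few lines earlier; wrapping it in `if item != nil { ... }` would match them.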

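--- a/tencentcloud/services/clb/resource_tc_clb_listener.md
+++ b/tencentcloud/services/clb/resource_tc_clb_listener.md
@@ -103,7 +103,7 @@ resource "tencentcloud_clb_listener" "listener_tcp"{
 }
 ```
 
-HTTPS Listener
+HTTPS Listener with sigle certificate
 
 ```hcl
 resource "tencentcloud_clb_listener" "HTTPS_listener" {
@@ -118,6 +118,26 @@ resource "tencentcloud_clb_listener" "HTTPS_listener" {
 }
 ```
 
+HTTPS Listener with multi certificates
+
+```hcl
+resource "tencentcloud_clb_listener" "HTTPS_listener" {
+clb_id = "lb-l6cp6jt4"
+listener_name = "test_listener"
+port = "80"
+protocol = "HTTPS"
+sni_switch = true
+
+multi_cert_info {
+ssl_mode = "UNIDIRECTIONAL"
+cert_id_list = [
+"LCYouprI",
+"JVO1alRN"
+]
+}
+}
+```
+
 TCP SSL Listener
 
 ```hcl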

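--- a/tencentcloud/services/clb/service_tencentcloud_clb.go
+++ b/tencentcloud/services/clb/service_tencentcloud_clb.go
@@ -1090,6 +1090,37 @@ func checkCertificateInputPara(ctx context.Context, d *schema.ResourceData, meta
 }
 return
 }
+
+func checkMultiCertificateInputPara(ctx context.Context, d *schema.ResourceData, meta interface{}) (multiCertificateSetFlag bool, multiCertPara *clb.MultiCertInfo, errRet error) {
+multiCertificateSetFlag = false
+var multiCertInfo clb.MultiCertInfo
+
+if dMap, ok := helper.InterfacesHeadMap(d, "multi_cert_info"); ok {
+if tmp, ok := dMap["ssl_mode"].(string); ok {
+multiCertInfo.SSLMode = helper.String(tmp)
+}
+
+if tmp, ok := dMap["cert_id_list"]; ok {
+tmpList := tmp.(*schema.Set).List()
+if len(tmpList) < 1 {
+errRet = fmt.Errorf("`cert_id_list` cannot be empty.")
+return
+}
+
+for _, item := range tmpList {
+var certInfo clb.CertInfo
+certInfo.CertId = helper.String(item.(string))
+multiCertInfo.CertList = append(multiCertInfo.CertList, &certInfo)
+}
+}
+
+multiCertificateSetFlag = true
+multiCertPara = &multiCertInfo
+}
+
+return
+}
+
 func processRetryErrMsg(err error) *resource.RetryError {
 if e, ok := err.(*sdkErrors.TencentCloudSDKError); ok {
 for _, msg := range []string{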
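Review bot: checkMultiCertificateInputPara validates only that `cert_id_list` is non-empty; it does not enforce the constraint in the schema description that `multi_cert_info` applies to HTTPS listeners with SNI disabled, and the README example added in this commit sets `sni_switch = true` alongside it. Either the description or the example is wrong; if the description holds, a guard such as `if v, ok := d.GetOk("sni_switch"); ok && v.(bool) { errRet = fmt.Errorf("multi_cert_info cannot be used when sni_switch is enabled"); return }` would reject the misconfiguration before the request is sent instead of leaving it to the API. An empty-string entry in `cert_id_list` is also passed through as a certificate ID. The function has no doc comment; one should state what the three results mean and how the client CA is expected to be supplied when `ssl_mode` is `MUTUAL`, given that `certificate_ca_id` is excluded by `ConflictsWith`.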
