diff --git a/.changelog/2927.txt b/.changelog/2927.txt new file mode 100644 index 0000000000..a7eb31c301 --- /dev/null +++ b/.changelog/2927.txt @@ -0,0 +1,23 @@ +```release-note:enhancement +resource/tencentcloud_gaap_http_domain: add params `group_id` and `is_default_server` +``` + +```release-note:enhancement +resource/tencentcloud_gaap_layer7_listener: add params `group_id`, `tls_support_versions` and `tls_ciphers` +``` + +```release-note:enhancement +datasource/tencentcloud_gaap_http_domains: add param `is_default_server` +``` + +```release-note:enhancement +datasource/tencentcloud_gaap_layer7_listeners: add params `group_id`, `tls_support_versions` and `tls_ciphers` +``` + +```release-note:enhancement +datasource/tencentcloud_gaap_proxy_detail: add param `is_support_tls_choice` +``` + +```release-note:enhancement +datasource/tencentcloud_gaap_proxy_statistics: update `metric_names` +``` \ No newline at end of file diff --git a/tencentcloud/services/gaap/data_source_tc_gaap_http_domains.go b/tencentcloud/services/gaap/data_source_tc_gaap_http_domains.go index 2a09746cef..73f90589ac 100644 --- a/tencentcloud/services/gaap/data_source_tc_gaap_http_domains.go +++ b/tencentcloud/services/gaap/data_source_tc_gaap_http_domains.go @@ -102,6 +102,11 @@ func DataSourceTencentCloudGaapHttpDomains() *schema.Resource { Computed: true, Description: "ID of the SSL certificate.", }, + "is_default_server": { + Type: schema.TypeBool, + Computed: true, + Description: "Whether to use as the default domain name.", + }, }, }, }, @@ -191,6 +196,7 @@ func dataSourceTencentCloudGaapHttpDomainsRead(d *schema.ResourceData, m interfa "realserver_certificate_id": realserverCertificateId, "realserver_certificate_ids": realserverCertificateIds, "realserver_certificate_domain": dr.RealServerCertificateDomain, + "is_default_server": dr.IsDefaultServer, } domains = append(domains, m) diff --git a/tencentcloud/services/gaap/data_source_tc_gaap_http_domains_test.go b/tencentcloud/services/gaap/data_source_tc_gaap_http_domains_test.go index 84b3cce387..6e20429e59 100644 --- a/tencentcloud/services/gaap/data_source_tc_gaap_http_domains_test.go +++ b/tencentcloud/services/gaap/data_source_tc_gaap_http_domains_test.go @@ -13,7 +13,7 @@ import ( func TestAccDataSourceTencentCloudGaapHttpDomains_basic(t *testing.T) { t.Parallel() resource.Test(t, resource.TestCase{ - PreCheck: func() { tcacctest.AccPreCheckCommon(t, tcacctest.ACCOUNT_TYPE_PREPAY) }, + PreCheck: func() { tcacctest.AccPreCheck(t) }, Providers: tcacctest.AccProviders, Steps: []resource.TestStep{ { @@ -28,6 +28,7 @@ func TestAccDataSourceTencentCloudGaapHttpDomains_basic(t *testing.T) { resource.TestCheckResourceAttrSet("data.tencentcloud_gaap_http_domains.foo", "domains.0.realserver_certificate_ids.#"), resource.TestCheckResourceAttrSet("data.tencentcloud_gaap_http_domains.foo", "domains.0.basic_auth"), resource.TestCheckResourceAttrSet("data.tencentcloud_gaap_http_domains.foo", "domains.0.gaap_auth"), + resource.TestCheckResourceAttrSet("data.tencentcloud_gaap_http_domains.foo", "domains.0.is_default_server"), ), }, }, diff --git a/tencentcloud/services/gaap/data_source_tc_gaap_layer7_listeners.go b/tencentcloud/services/gaap/data_source_tc_gaap_layer7_listeners.go index 668049c083..4dea296c5b 100644 --- a/tencentcloud/services/gaap/data_source_tc_gaap_layer7_listeners.go +++ b/tencentcloud/services/gaap/data_source_tc_gaap_layer7_listeners.go @@ -28,6 +28,11 @@ func DataSourceTencentCloudGaapLayer7Listeners() *schema.Resource { Optional: true, Description: "ID of the GAAP proxy to be queried.", }, + "group_id": { + Type: schema.TypeString, + Optional: true, + Description: "Group id.", + }, "listener_id": { Type: schema.TypeString, Optional: true, @@ -119,6 +124,18 @@ func DataSourceTencentCloudGaapLayer7Listeners() *schema.Resource { Computed: true, Description: "Creation time of the layer7 listener.", }, + "tls_support_versions": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + Description: "TLS version, optional TLSv1, TLSv1.1, TLSv1.2, TLSv1.3.", + }, + "tls_ciphers": { + Type: schema.TypeString, + Computed: true, + Description: "Password Suite, optional GAAP_TLS_CIPHERS_STRICT, GAAP_TLS_CIPHERS_GENERAL, GAAP_TLS_CIPHERS_WIDE(default).", + }, }, }, }, @@ -135,6 +152,7 @@ func dataSourceTencentCloudGaapLayer7ListenersRead(d *schema.ResourceData, m int var ( proxyId *string + groupId *string listenerId *string name *string port *int @@ -145,12 +163,15 @@ func dataSourceTencentCloudGaapLayer7ListenersRead(d *schema.ResourceData, m int if raw, ok := d.GetOk("proxy_id"); ok { proxyId = helper.String(raw.(string)) } + if raw, ok := d.GetOk("group_id"); ok { + groupId = helper.String(raw.(string)) + } if raw, ok := d.GetOk("listener_id"); ok { listenerId = helper.String(raw.(string)) } - if proxyId == nil && listenerId == nil { - return errors.New("proxy_id or listener_id must be set") + if proxyId == nil && groupId == nil && listenerId == nil { + return errors.New("One of proxy_id, group_id or listener_id must be set") } if raw, ok := d.GetOk("listener_name"); ok { @@ -164,7 +185,7 @@ func dataSourceTencentCloudGaapLayer7ListenersRead(d *schema.ResourceData, m int switch protocol { case "HTTP": - httpListeners, err := service.DescribeHTTPListeners(ctx, proxyId, listenerId, name, port) + httpListeners, err := service.DescribeHTTPListeners(ctx, proxyId, groupId, listenerId, name, port) if err != nil { return err } @@ -190,20 +211,28 @@ func dataSourceTencentCloudGaapLayer7ListenersRead(d *schema.ResourceData, m int } ids = append(ids, *ls.ListenerId) - - listeners = append(listeners, map[string]interface{}{ + m := map[string]interface{}{ "protocol": "HTTP", "id": *ls.ListenerId, - "proxy_id": *ls.ProxyId, "name": *ls.ListenerName, "port": *ls.Port, "status": *ls.ListenerStatus, "create_time": helper.FormatUnixTime(*ls.CreateTime), - }) + } + + if ls.ProxyId != nil { + m["proxy_id"] = *ls.ProxyId + } + if ls.GroupId != nil { + m["group_id"] = *ls.GroupId + } + + listeners = append(listeners, m) + } case "HTTPS": - httpsListeners, err := service.DescribeHTTPSListeners(ctx, proxyId, listenerId, name, port) + httpsListeners, err := service.DescribeHTTPSListeners(ctx, proxyId, groupId, listenerId, name, port) if err != nil { return err } @@ -255,7 +284,6 @@ func dataSourceTencentCloudGaapLayer7ListenersRead(d *schema.ResourceData, m int "protocol": "HTTPS", "id": ls.ListenerId, "name": ls.ListenerName, - "proxy_id": ls.ProxyId, "port": ls.Port, "status": ls.ListenerStatus, "certificate_id": ls.CertificateId, @@ -264,6 +292,14 @@ func dataSourceTencentCloudGaapLayer7ListenersRead(d *schema.ResourceData, m int "create_time": helper.FormatUnixTime(*ls.CreateTime), "client_certificate_id": clientCertificateId, "client_certificate_ids": polyClientCertificateIds, + "tls_ciphers": ls.TLSCiphers, + "tls_support_versions": helper.PStrings(ls.TLSSupportVersion), + } + if ls.ProxyId != nil { + m["proxy_id"] = *ls.ProxyId + } + if ls.GroupId != nil { + m["group_id"] = *ls.GroupId } listeners = append(listeners, m) diff --git a/tencentcloud/services/gaap/data_source_tc_gaap_proxy_detail.go b/tencentcloud/services/gaap/data_source_tc_gaap_proxy_detail.go index d45e096132..c865afbdcf 100644 --- a/tencentcloud/services/gaap/data_source_tc_gaap_proxy_detail.go +++ b/tencentcloud/services/gaap/data_source_tc_gaap_proxy_detail.go @@ -345,6 +345,11 @@ func DataSourceTencentCloudGaapProxyDetail() *schema.Resource { Computed: true, Description: "Property bitmap, where each bit represents a property, where:0 indicates that the feature is not supported;1, indicates support for this feature.The meaning of the feature bitmap is as follows (from right to left):The first bit supports 4-layer acceleration;The second bit supports 7-layer acceleration;The third bit supports Http3 access;The fourth bit supports IPv6;The fifth bit supports high-quality BGP access;The 6th bit supports three network access;The 7th bit supports QoS acceleration in the access segment.Note: This field may return null, indicating that a valid value cannot be obtained.Note: This field may return null, indicating that a valid value cannot be obtained.", }, + "is_support_tls_choice": { + Type: schema.TypeInt, + Computed: true, + Description: "Whether to allow TLS configuration.0-no support, 1-expressed support.", + }, }, }, }, @@ -629,6 +634,9 @@ func dataSourceTencentCloudGaapProxyDetailRead(d *schema.ResourceData, meta inte if proxyDetail.FeatureBitmap != nil { proxyInfoMap["feature_bitmap"] = proxyDetail.FeatureBitmap } + if proxyDetail.IsSupportTLSChoice != nil { + proxyInfoMap["is_support_tls_choice"] = proxyDetail.IsSupportTLSChoice + } _ = d.Set("proxy_detail", []interface{}{proxyInfoMap}) } diff --git a/tencentcloud/services/gaap/data_source_tc_gaap_proxy_statistics.go b/tencentcloud/services/gaap/data_source_tc_gaap_proxy_statistics.go index 045c69d7c2..eba17947fc 100644 --- a/tencentcloud/services/gaap/data_source_tc_gaap_proxy_statistics.go +++ b/tencentcloud/services/gaap/data_source_tc_gaap_proxy_statistics.go @@ -40,7 +40,7 @@ func DataSourceTencentCloudGaapProxyStatistics() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, }, - Description: "Metric Names. Valid values: InBandwidth,OutBandwidth, Concurrent, InPackets, OutPackets, PacketLoss, Latency, HttpQPS, HttpsQPS.", + Description: "Metric Names. Valid values: InBandwidth,OutBandwidth, Concurrent, InPackets, OutPackets, PacketLoss, Latency, HttpQPS, HttpsQPS, HttpQPSPercent, HttpsQPSPercent.", }, "granularity": { diff --git a/tencentcloud/services/gaap/resource_tc_gaap_http_domain.go b/tencentcloud/services/gaap/resource_tc_gaap_http_domain.go index 393909ae86..a08b72cb9d 100644 --- a/tencentcloud/services/gaap/resource_tc_gaap_http_domain.go +++ b/tencentcloud/services/gaap/resource_tc_gaap_http_domain.go @@ -31,6 +31,18 @@ func ResourceTencentCloudGaapHttpDomain() *schema.Resource { ForceNew: true, Description: "ID of the layer7 listener.", }, + "group_id": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "Group Id.", + }, + "is_default_server": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Whether to use as the default domain name, the default is false.", + }, "domain": { Type: schema.TypeString, Required: true, @@ -127,6 +139,7 @@ func resourceTencentCloudGaapHttpDomainCreate(d *schema.ResourceData, m interfac listenerId := d.Get("listener_id").(string) domain := d.Get("domain").(string) + isDefaultServer := d.Get("is_default_server").(bool) service := GaapService{client: m.(tccommon.ProviderMeta).GetAPIV3Conn()} @@ -134,7 +147,7 @@ func resourceTencentCloudGaapHttpDomainCreate(d *schema.ResourceData, m interfac protocol string forwardProtocol string ) - httpListeners, err := service.DescribeHTTPListeners(ctx, nil, &listenerId, nil, nil) + httpListeners, err := service.DescribeHTTPListeners(ctx, nil, nil, &listenerId, nil, nil) if err != nil { return err } @@ -142,7 +155,7 @@ func resourceTencentCloudGaapHttpDomainCreate(d *schema.ResourceData, m interfac protocol = "HTTP" } - httpsListeners, err := service.DescribeHTTPSListeners(ctx, nil, &listenerId, nil, nil) + httpsListeners, err := service.DescribeHTTPSListeners(ctx, nil, nil, &listenerId, nil, nil) if err != nil { return err } @@ -156,7 +169,7 @@ func resourceTencentCloudGaapHttpDomainCreate(d *schema.ResourceData, m interfac switch protocol { case "HTTP": - if err := service.CreateHTTPDomain(ctx, listenerId, domain); err != nil { + if err := service.CreateHTTPDomain(ctx, listenerId, domain, isDefaultServer); err != nil { return err } @@ -244,7 +257,7 @@ func resourceTencentCloudGaapHttpDomainCreate(d *schema.ResourceData, m interfac return errors.New("when use gaap auth, gaap auth id should be set") } - if err := service.CreateHTTPSDomain(ctx, listenerId, domain, certificateId, polyClientCertificateIds); err != nil { + if err := service.CreateHTTPSDomain(ctx, listenerId, domain, certificateId, polyClientCertificateIds, isDefaultServer); err != nil { return err } @@ -350,6 +363,7 @@ func resourceTencentCloudGaapHttpDomainRead(d *schema.ResourceData, m interface{ } _ = d.Set("gaap_auth", *httpDomain.GaapAuth == 1) _ = d.Set("gaap_auth_id", httpDomain.GaapCertificateId) + _ = d.Set("is_default_server", httpDomain.IsDefaultServer) return nil } @@ -376,6 +390,7 @@ func resourceTencentCloudGaapHttpDomainUpdate(d *schema.ResourceData, m interfac } listenerId, protocol, domain = split[0], split[1], split[2] + isDefaultServer := d.Get("is_default_server").(bool) service := GaapService{client: m.(tccommon.ProviderMeta).GetAPIV3Conn()} switch protocol { @@ -387,9 +402,9 @@ func resourceTencentCloudGaapHttpDomainUpdate(d *schema.ResourceData, m interfac return fmt.Errorf("argument `%s` cannot be changed for http", v) } } - if d.HasChange("domain") { + if d.HasChange("domain") || d.HasChange("is_default_server") { oldDomain, newDomain := d.GetChange("domain") - err := service.ModifyDomain(ctx, listenerId, oldDomain.(string), newDomain.(string)) + err := service.ModifyDomain(ctx, listenerId, oldDomain.(string), newDomain.(string), isDefaultServer) if err != nil { return err } @@ -399,15 +414,15 @@ func resourceTencentCloudGaapHttpDomainUpdate(d *schema.ResourceData, m interfac case "HTTPS": } - if d.HasChange("domain") { + if d.HasChange("domain") || d.HasChange("is_default_server") { oldDomain, newDomain := d.GetChange("domain") - err := service.ModifyDomain(ctx, listenerId, oldDomain.(string), newDomain.(string)) + err := service.ModifyDomain(ctx, listenerId, oldDomain.(string), newDomain.(string), isDefaultServer) if err != nil { return err } } - listeners, err := service.DescribeHTTPSListeners(ctx, nil, &listenerId, nil, nil) + listeners, err := service.DescribeHTTPSListeners(ctx, nil, nil, &listenerId, nil, nil) if err != nil { return err } diff --git a/tencentcloud/services/gaap/resource_tc_gaap_http_domain_test.go b/tencentcloud/services/gaap/resource_tc_gaap_http_domain_test.go index b4b5716abf..cf13831a49 100644 --- a/tencentcloud/services/gaap/resource_tc_gaap_http_domain_test.go +++ b/tencentcloud/services/gaap/resource_tc_gaap_http_domain_test.go @@ -36,6 +36,7 @@ func TestAccTencentCloudGaapHttpDomainResource_basic(t *testing.T) { resource.TestCheckResourceAttr("tencentcloud_gaap_http_domain.foo", "realserver_auth", "false"), resource.TestCheckResourceAttr("tencentcloud_gaap_http_domain.foo", "basic_auth", "false"), resource.TestCheckResourceAttr("tencentcloud_gaap_http_domain.foo", "gaap_auth", "false"), + resource.TestCheckResourceAttr("tencentcloud_gaap_http_domain.foo", "is_default_server", "false"), ), }, { diff --git a/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener.go b/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener.go index 88f43247fa..383f4afb49 100644 --- a/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener.go +++ b/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener.go @@ -3,6 +3,7 @@ package gaap import ( "context" "errors" + "fmt" tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" @@ -44,10 +45,20 @@ func ResourceTencentCloudGaapLayer7Listener() *schema.Resource { Description: "Port of the layer7 listener.", }, "proxy_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - Description: "ID of the GAAP proxy.", + Type: schema.TypeString, + Optional: true, + ForceNew: true, + ConflictsWith: []string{"group_id"}, + AtLeastOneOf: []string{"group_id"}, + Description: "ID of the GAAP proxy.", + }, + "group_id": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + ConflictsWith: []string{"proxy_id"}, + AtLeastOneOf: []string{"proxy_id"}, + Description: "Group ID.", }, "certificate_id": { Type: schema.TypeString, @@ -86,6 +97,20 @@ func ResourceTencentCloudGaapLayer7Listener() *schema.Resource { ConflictsWith: []string{"client_certificate_id"}, Description: "ID list of the client certificate. Set only when `auth_type` is specified as mutual authentication. NOTES: Only supports listeners of `HTTPS` protocol.", }, + "tls_support_versions": { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + Description: "TLS version, optional TLSv1, TLSv1.1, TLSv1.2, TLSv1.3.", + }, + "tls_ciphers": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Password Suite, optional GAAP_TLS_CIPHERS_STRICT, GAAP_TLS_CIPHERS_GENERAL, GAAP_TLS_CIPHERS_WIDE(default).", + }, // computed "status": { @@ -113,7 +138,13 @@ func resourceTencentCloudGaapLayer7ListenerCreate(d *schema.ResourceData, m inte protocol := d.Get("protocol").(string) name := d.Get("name").(string) port := d.Get("port").(int) - proxyId := d.Get("proxy_id").(string) + var proxyId, groupId string + if v, ok := d.GetOk("proxy_id"); ok { + proxyId = v.(string) + } + if v, ok := d.GetOk("group_id"); ok { + groupId = v.(string) + } service := GaapService{client: m.(tccommon.ProviderMeta).GetAPIV3Conn()} @@ -124,7 +155,7 @@ func resourceTencentCloudGaapLayer7ListenerCreate(d *schema.ResourceData, m inte switch protocol { case "HTTP": - id, err = service.CreateHTTPListener(ctx, name, proxyId, port) + id, err = service.CreateHTTPListener(ctx, name, proxyId, groupId, port) case "HTTPS": var ( @@ -168,7 +199,7 @@ func resourceTencentCloudGaapLayer7ListenerCreate(d *schema.ResourceData, m inte id, err = service.CreateHTTPSListener( ctx, - name, certificateId, forwardProtocol, proxyId, polyClientCertificateIds, port, authType, + name, certificateId, forwardProtocol, proxyId, groupId, polyClientCertificateIds, port, authType, ) } @@ -178,6 +209,36 @@ func resourceTencentCloudGaapLayer7ListenerCreate(d *schema.ResourceData, m inte d.SetId(id) + vTlsCiphers, okTlsCiphers := d.GetOk("tls_ciphers") + vTlsSupportVersions, okTlsSupportVersions := d.GetOk("tls_support_versions") + if okTlsCiphers && okTlsSupportVersions { + if protocol != "HTTPS" { + return errors.New("Only https can set tls") + } + if proxyId != "" { + proxyDetail, err := service.DescribeGaapProxyDetail(ctx, proxyId) + if err != nil { + return err + } + if proxyDetail.IsSupportTLSChoice != nil && int(*proxyDetail.IsSupportTLSChoice) != 1 { + return fmt.Errorf("proxy(%s) not support TLS Choice", proxyId) + } + } + if groupId != "" { + proxyGroup, err := service.DescribeGaapProxyGroupById(ctx, groupId) + if err != nil { + return err + } + if proxyGroup.IsSupportTLSChoice != nil && int(*proxyGroup.IsSupportTLSChoice) != 1 { + return fmt.Errorf("group(%s) not support TLS Choice", groupId) + } + } + err := service.SetTlsVersion(ctx, id, vTlsCiphers.(string), helper.InterfacesStrings(vTlsSupportVersions.(*schema.Set).List())) + if err != nil { + return err + } + } + return resourceTencentCloudGaapLayer7ListenerRead(d, m) } @@ -201,6 +262,8 @@ func resourceTencentCloudGaapLayer7ListenerRead(d *schema.ResourceData, m interf createTime string polyClientCertificateIds []*string proxyId *string + tlsCiphers *string + tlsSupportVersion []*string ) service := GaapService{client: m.(tccommon.ProviderMeta).GetAPIV3Conn()} @@ -210,7 +273,7 @@ LOOP: switch protocol { case "": // import mode, need check protocol - httpListeners, err := service.DescribeHTTPListeners(ctx, nil, &id, nil, nil) + httpListeners, err := service.DescribeHTTPListeners(ctx, nil, nil, &id, nil, nil) if err != nil { return err } @@ -219,7 +282,7 @@ LOOP: continue } - httpsListeners, err := service.DescribeHTTPSListeners(ctx, nil, &id, nil, nil) + httpsListeners, err := service.DescribeHTTPSListeners(ctx, nil, nil, &id, nil, nil) if err != nil { return err } @@ -233,7 +296,7 @@ LOOP: return nil case "HTTP": - listeners, err := service.DescribeHTTPListeners(ctx, nil, &id, nil, nil) + listeners, err := service.DescribeHTTPListeners(ctx, nil, nil, &id, nil, nil) if err != nil { return err } @@ -267,7 +330,7 @@ LOOP: break LOOP case "HTTPS": - listeners, err := service.DescribeHTTPSListeners(ctx, nil, &id, nil, nil) + listeners, err := service.DescribeHTTPSListeners(ctx, nil, nil, &id, nil, nil) if err != nil { return err } @@ -294,6 +357,8 @@ LOOP: forwardProtocol = listener.ForwardProtocol authType = listener.AuthType proxyId = listener.ProxyId + tlsCiphers = listener.TLSCiphers + tlsSupportVersion = listener.TLSSupportVersion // mutual authentication if *authType == 1 { @@ -326,6 +391,8 @@ LOOP: _ = d.Set("status", status) _ = d.Set("create_time", createTime) _ = d.Set("proxy_id", proxyId) + _ = d.Set("tls_ciphers", tlsCiphers) + _ = d.Set("tls_support_versions", tlsSupportVersion) return nil } @@ -340,7 +407,13 @@ func resourceTencentCloudGaapLayer7ListenerUpdate(d *schema.ResourceData, m inte id := d.Id() protocol := d.Get("protocol").(string) - proxyId := d.Get("proxy_id").(string) + var proxyId, groupId string + if v, ok := d.GetOk("proxy_id"); ok { + proxyId = v.(string) + } + if v, ok := d.GetOk("group_id"); ok { + groupId = v.(string) + } service := GaapService{client: m.(tccommon.ProviderMeta).GetAPIV3Conn()} @@ -348,9 +421,13 @@ func resourceTencentCloudGaapLayer7ListenerUpdate(d *schema.ResourceData, m inte case "HTTP": if d.HasChange("name") { name := d.Get("name").(string) - if err := service.ModifyHTTPListener(ctx, id, proxyId, name); err != nil { + if err := service.ModifyHTTPListener(ctx, id, proxyId, groupId, name); err != nil { return err } + + } + if d.HasChange("tls_support_versions") || d.HasChange("tls_ciphers") { + return errors.New("http listener not support change tls_support_versions or tls_ciphers") } case "HTTPS": @@ -359,16 +436,17 @@ func resourceTencentCloudGaapLayer7ListenerUpdate(d *schema.ResourceData, m inte certificateId *string forwardProtocol *string polyClientCertificateIds []string + isModifyHTTPSListener bool ) name = helper.String(d.Get("name").(string)) certificateId = helper.String(d.Get("certificate_id").(string)) forwardProtocol = helper.String(d.Get("forward_protocol").(string)) - if d.HasChange("client_certificate_id") { if raw, ok := d.GetOk("client_certificate_id"); ok { polyClientCertificateIds = append(polyClientCertificateIds, raw.(string)) } + isModifyHTTPSListener = true } if d.HasChange("client_certificate_ids") { @@ -380,10 +458,48 @@ func resourceTencentCloudGaapLayer7ListenerUpdate(d *schema.ResourceData, m inte polyClientCertificateIds = append(polyClientCertificateIds, polyId.(string)) } } + isModifyHTTPSListener = true } - if err := service.ModifyHTTPSListener(ctx, proxyId, id, name, forwardProtocol, certificateId, polyClientCertificateIds); err != nil { - return err + if isModifyHTTPSListener { + if err := service.ModifyHTTPSListener(ctx, proxyId, groupId, id, name, forwardProtocol, certificateId, polyClientCertificateIds); err != nil { + return err + } + } + + if d.HasChange("tls_support_versions") || d.HasChange("tls_ciphers") { + var ( + tlsCiphers string + tlsSupportVersion []string + ) + if v, ok := d.GetOk("tls_ciphers"); ok { + tlsCiphers = v.(string) + } + if v, ok := d.GetOk("tls_support_versions"); ok { + tlsSupportVersion = helper.InterfacesStrings(v.(*schema.Set).List()) + } + if proxyId != "" { + proxyDetail, err := service.DescribeGaapProxyDetail(ctx, proxyId) + if err != nil { + return err + } + if proxyDetail.IsSupportTLSChoice != nil && int(*proxyDetail.IsSupportTLSChoice) != 1 { + return fmt.Errorf("proxy(%s) not support TLS Choice", proxyId) + } + } + if groupId != "" { + proxyGroup, err := service.DescribeGaapProxyGroupById(ctx, groupId) + if err != nil { + return err + } + if proxyGroup.IsSupportTLSChoice != nil && int(*proxyGroup.IsSupportTLSChoice) != 1 { + return fmt.Errorf("group(%s) not support TLS Choice", groupId) + } + } + err := service.SetTlsVersion(ctx, id, tlsCiphers, tlsSupportVersion) + if err != nil { + return err + } } } diff --git a/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener_test.go b/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener_test.go index 707f3cfa3a..8400381e2d 100644 --- a/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener_test.go +++ b/tencentcloud/services/gaap/resource_tc_gaap_layer7_listener_test.go @@ -34,7 +34,7 @@ func init() { proxyIds := []string{tcacctest.DefaultGaapProxyId, tcacctest.DefaultGaapProxyId2} for _, proxyId := range proxyIds { proxyIdTmp := proxyId - httpListeners, err := service.DescribeHTTPListeners(ctx, &proxyIdTmp, nil, nil, nil) + httpListeners, err := service.DescribeHTTPListeners(ctx, &proxyIdTmp, nil, nil, nil, nil) if err != nil { return err } @@ -59,7 +59,7 @@ func init() { } } - httpsListeners, err := service.DescribeHTTPSListeners(ctx, &proxyIdTmp, nil, nil, nil) + httpsListeners, err := service.DescribeHTTPSListeners(ctx, &proxyIdTmp, nil, nil, nil, nil) if err != nil { return err } @@ -321,7 +321,7 @@ func testAccCheckGaapLayer7ListenerExists(n string, id *string, protocol string) switch protocol { case "HTTP": - listeners, err := service.DescribeHTTPListeners(context.TODO(), nil, &rs.Primary.ID, nil, nil) + listeners, err := service.DescribeHTTPListeners(context.TODO(), nil, nil, &rs.Primary.ID, nil, nil) if err != nil { return err } @@ -337,7 +337,7 @@ func testAccCheckGaapLayer7ListenerExists(n string, id *string, protocol string) } case "HTTPS": - listeners, err := service.DescribeHTTPSListeners(context.TODO(), nil, &rs.Primary.ID, nil, nil) + listeners, err := service.DescribeHTTPSListeners(context.TODO(), nil, nil, &rs.Primary.ID, nil, nil) if err != nil { return err } @@ -368,7 +368,7 @@ func testAccCheckGaapLayer7ListenerDestroy(id *string, protocol string) resource switch protocol { case "HTTP": - listeners, err := service.DescribeHTTPListeners(context.TODO(), nil, id, nil, nil) + listeners, err := service.DescribeHTTPListeners(context.TODO(), nil, nil, id, nil, nil) if err != nil { if sdkError, ok := err.(*sdkErrors.TencentCloudSDKError); ok { if sdkError.Code == svcgaap.GAAPResourceNotFound || (sdkError.Code == "InvalidParameter" && sdkError.Message == "ListenerId") { @@ -383,7 +383,7 @@ func testAccCheckGaapLayer7ListenerDestroy(id *string, protocol string) resource } case "HTTPS": - listeners, err := service.DescribeHTTPSListeners(context.TODO(), nil, id, nil, nil) + listeners, err := service.DescribeHTTPSListeners(context.TODO(), nil, nil, id, nil, nil) if err != nil { if sdkError, ok := err.(*sdkErrors.TencentCloudSDKError); ok { if sdkError.Code == svcgaap.GAAPResourceNotFound || (sdkError.Code == "InvalidParameter" && sdkError.Message == "ListenerId") { diff --git a/tencentcloud/services/gaap/service_tencentcloud_gaap.go b/tencentcloud/services/gaap/service_tencentcloud_gaap.go index b56677f631..1c59fe4d30 100644 --- a/tencentcloud/services/gaap/service_tencentcloud_gaap.go +++ b/tencentcloud/services/gaap/service_tencentcloud_gaap.go @@ -1734,12 +1734,17 @@ func (me *GaapService) DeleteSecurityRule(ctx context.Context, policyId, ruleId return nil } -func (me *GaapService) CreateHTTPListener(ctx context.Context, name, proxyId string, port int) (id string, err error) { +func (me *GaapService) CreateHTTPListener(ctx context.Context, name, proxyId, groupId string, port int) (id string, err error) { logId := tccommon.GetLogId(ctx) client := me.client.UseGaapClient() request := gaap.NewCreateHTTPListenerRequest() - request.ProxyId = &proxyId + if proxyId != "" { + request.ProxyId = &proxyId + } + if groupId != "" { + request.GroupId = &groupId + } request.ListenerName = &name request.Port = helper.IntUint64(port) @@ -1766,7 +1771,7 @@ func (me *GaapService) CreateHTTPListener(ctx context.Context, name, proxyId str return "", err } - if err := waitLayer7ListenerReady(ctx, client, proxyId, id, "HTTP"); err != nil { + if err := waitLayer7ListenerReady(ctx, client, proxyId, groupId, id, "HTTP"); err != nil { log.Printf("[CRITAL]%s create HTTP listener failed, reason: %v", logId, err) return "", err } @@ -1776,7 +1781,7 @@ func (me *GaapService) CreateHTTPListener(ctx context.Context, name, proxyId str func (me *GaapService) CreateHTTPSListener( ctx context.Context, - name, certificateId, forwardProtocol, proxyId string, + name, certificateId, forwardProtocol, proxyId, groupId string, polyClientCertificateIds []string, port, authType int, ) (id string, err error) { @@ -1784,7 +1789,12 @@ func (me *GaapService) CreateHTTPSListener( client := me.client.UseGaapClient() request := gaap.NewCreateHTTPSListenerRequest() - request.ProxyId = &proxyId + if proxyId != "" { + request.ProxyId = &proxyId + } + if groupId != "" { + request.GroupId = &groupId + } request.CertificateId = &certificateId request.ForwardProtocol = &forwardProtocol request.ListenerName = &name @@ -1815,7 +1825,7 @@ func (me *GaapService) CreateHTTPSListener( return "", err } - if err := waitLayer7ListenerReady(ctx, client, proxyId, id, "HTTPS"); err != nil { + if err := waitLayer7ListenerReady(ctx, client, proxyId, groupId, id, "HTTPS"); err != nil { log.Printf("[CRITAL]%s create HTTPS listener failed, reason: %v", logId, err) return "", err } @@ -1825,13 +1835,18 @@ func (me *GaapService) CreateHTTPSListener( func (me *GaapService) DescribeHTTPListeners( ctx context.Context, - proxyId, id, name *string, + proxyId, groupId, id, name *string, port *int, ) (listeners []*gaap.HTTPListener, err error) { logId := tccommon.GetLogId(ctx) request := gaap.NewDescribeHTTPListenersRequest() - request.ProxyId = proxyId + if proxyId != nil && *proxyId != "" { + request.ProxyId = proxyId + } + if groupId != nil && *groupId != "" { + request.GroupId = groupId + } request.ListenerId = id if port != nil { @@ -1890,13 +1905,18 @@ func (me *GaapService) DescribeHTTPListeners( func (me *GaapService) DescribeHTTPSListeners( ctx context.Context, - proxyId, listenerId, name *string, + proxyId, groupId, listenerId, name *string, port *int, ) (listeners []*gaap.HTTPSListener, err error) { logId := tccommon.GetLogId(ctx) request := gaap.NewDescribeHTTPSListenersRequest() - request.ProxyId = proxyId + if proxyId != nil && *proxyId != "" { + request.ProxyId = proxyId + } + if groupId != nil && *groupId != "" { + request.GroupId = groupId + } request.ListenerId = listenerId if port != nil { @@ -1953,14 +1973,13 @@ func (me *GaapService) DescribeHTTPSListeners( return } -func (me *GaapService) ModifyHTTPListener(ctx context.Context, id, proxyId, name string) error { +func (me *GaapService) ModifyHTTPListener(ctx context.Context, id, proxyId, groupId, name string) error { logId := tccommon.GetLogId(ctx) client := me.client.UseGaapClient() request := gaap.NewModifyHTTPListenerAttributeRequest() request.ListenerId = &id request.ListenerName = &name - request.ProxyId = &proxyId if err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { ratelimit.Check(request.GetAction()) @@ -1976,7 +1995,7 @@ func (me *GaapService) ModifyHTTPListener(ctx context.Context, id, proxyId, name return err } - if err := waitLayer7ListenerReady(ctx, client, proxyId, id, "HTTP"); err != nil { + if err := waitLayer7ListenerReady(ctx, client, proxyId, groupId, id, "HTTP"); err != nil { log.Printf("[CRITAL]%s modify HTTP listener failed, reason: %v", logId, err) return err } @@ -1986,7 +2005,7 @@ func (me *GaapService) ModifyHTTPListener(ctx context.Context, id, proxyId, name func (me *GaapService) ModifyHTTPSListener( ctx context.Context, - proxyId, id string, + proxyId, groupId, id string, name, forwardProtocol, certificateId *string, polyClientCertificateIds []string, ) error { @@ -1994,7 +2013,9 @@ func (me *GaapService) ModifyHTTPSListener( client := me.client.UseGaapClient() request := gaap.NewModifyHTTPSListenerAttributeRequest() - request.ProxyId = &proxyId + if proxyId != "" { + request.ProxyId = &proxyId + } request.ListenerId = &id request.ListenerName = name request.ForwardProtocol = forwardProtocol @@ -2015,7 +2036,7 @@ func (me *GaapService) ModifyHTTPSListener( return err } - if err := waitLayer7ListenerReady(ctx, client, proxyId, id, "HTTPS"); err != nil { + if err := waitLayer7ListenerReady(ctx, client, proxyId, groupId, id, "HTTPS"); err != nil { log.Printf("[CRITAL]%s modify HTTPS listener failed, reason: %v", logId, err) return err } @@ -2236,14 +2257,19 @@ func waitLayer4ListenerReady(ctx context.Context, client *gaap.Client, id, proto return } -func waitLayer7ListenerReady(ctx context.Context, client *gaap.Client, proxyId, id, protocol string) (err error) { +func waitLayer7ListenerReady(ctx context.Context, client *gaap.Client, proxyId, groupId, id, protocol string) (err error) { logId := tccommon.GetLogId(ctx) switch protocol { case "HTTP": request := gaap.NewDescribeHTTPListenersRequest() - request.ProxyId = &proxyId request.ListenerId = &id + if proxyId != "" { + request.ProxyId = &proxyId + } + if groupId != "" { + request.GroupId = &groupId + } err = resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { ratelimit.Check(request.GetAction()) @@ -2293,8 +2319,13 @@ func waitLayer7ListenerReady(ctx context.Context, client *gaap.Client, proxyId, case "HTTPS": request := gaap.NewDescribeHTTPSListenersRequest() - request.ProxyId = &proxyId request.ListenerId = &id + if proxyId != "" { + request.ProxyId = &proxyId + } + if groupId != "" { + request.GroupId = &groupId + } err = resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { ratelimit.Check(request.GetAction()) @@ -2345,13 +2376,14 @@ func waitLayer7ListenerReady(ctx context.Context, client *gaap.Client, proxyId, return } -func (me *GaapService) CreateHTTPDomain(ctx context.Context, listenerId, domain string) error { +func (me *GaapService) CreateHTTPDomain(ctx context.Context, listenerId, domain string, isDefaultServer bool) error { logId := tccommon.GetLogId(ctx) client := me.client.UseGaapClient() createRequest := gaap.NewCreateDomainRequest() createRequest.ListenerId = &listenerId createRequest.Domain = &domain + createRequest.IsDefaultServer = &isDefaultServer if err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { ratelimit.Check(createRequest.GetAction()) @@ -2412,6 +2444,7 @@ func (me *GaapService) CreateHTTPSDomain( ctx context.Context, listenerId, domain, certificateId string, polyClientCertificateIds []string, + isDefaultServer bool, ) error { logId := tccommon.GetLogId(ctx) client := me.client.UseGaapClient() @@ -2420,6 +2453,7 @@ func (me *GaapService) CreateHTTPSDomain( createRequest.ListenerId = &listenerId createRequest.Domain = &domain createRequest.CertificateId = &certificateId + createRequest.IsDefaultServer = &isDefaultServer for _, polyId := range polyClientCertificateIds { createRequest.PolyClientCertificateIds = append(createRequest.PolyClientCertificateIds, helper.String(polyId)) @@ -4510,7 +4544,7 @@ func (me *GaapService) DeleteGaapGlobalDomainDnsById(ctx context.Context, dnsRec return } -func (me *GaapService) ModifyDomain(ctx context.Context, listenerId, oldDomain, newDomain string) (errRet error) { +func (me *GaapService) ModifyDomain(ctx context.Context, listenerId, oldDomain, newDomain string, isDefaultServer bool) (errRet error) { logId := tccommon.GetLogId(ctx) request := gaap.NewModifyDomainRequest() @@ -4519,6 +4553,7 @@ func (me *GaapService) ModifyDomain(ctx context.Context, listenerId, oldDomain, request.NewDomain = &newDomain request.CertificateId = helper.String("default") request.PolyClientCertificateIds = helper.Strings([]string{"default"}) + request.IsDefaultServer = &isDefaultServer defer func() { if errRet != nil { @@ -4568,6 +4603,32 @@ func (me *GaapService) SwitchProxyGroup(ctx context.Context, groupId, status str return } +func (me *GaapService) SetTlsVersion(ctx context.Context, listenerId, tlsCiphers string, tlsSupportVersions []string) (errRet error) { + logId := tccommon.GetLogId(ctx) + + request := gaap.NewSetTlsVersionRequest() + request.ListenerId = &listenerId + request.TLSCiphers = &tlsCiphers + request.TLSSupportVersion = helper.Strings(tlsSupportVersions) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseGaapClient().SetTlsVersion(request) + if err != nil { + errRet = err + return + } + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + return +} + func ListEqual(a, b []string) bool { if len(a) != len(b) { return false diff --git a/website/docs/d/gaap_http_domains.html.markdown b/website/docs/d/gaap_http_domains.html.markdown index 98dae7dfca..26e49c8e4d 100644 --- a/website/docs/d/gaap_http_domains.html.markdown +++ b/website/docs/d/gaap_http_domains.html.markdown @@ -61,6 +61,7 @@ In addition to all arguments above, the following attributes are exported: * `domain` - Forward domain of the layer7 listener. * `gaap_auth_id` - ID of the SSL certificate. * `gaap_auth` - Indicates whether SSL certificate authentication is enable. + * `is_default_server` - Whether to use as the default domain name. * `realserver_auth` - Indicates whether realserver authentication is enable. * `realserver_certificate_domain` - CA certificate domain of the realserver. * `realserver_certificate_id` - (**Deprecated**) It has been deprecated from version 1.28.0. Use `realserver_certificate_ids` instead. CA certificate ID of the realserver. diff --git a/website/docs/d/gaap_layer7_listeners.html.markdown b/website/docs/d/gaap_layer7_listeners.html.markdown index b24ec5c8ab..6dfb2684ce 100644 --- a/website/docs/d/gaap_layer7_listeners.html.markdown +++ b/website/docs/d/gaap_layer7_listeners.html.markdown @@ -41,6 +41,7 @@ data "tencentcloud_gaap_layer7_listeners" "listenerId" { The following arguments are supported: * `protocol` - (Required, String) Protocol of the layer7 listener to be queried. Valid values: `HTTP` and `HTTPS`. +* `group_id` - (Optional, String) Group id. * `listener_id` - (Optional, String) ID of the layer7 listener to be queried. * `listener_name` - (Optional, String) Name of the layer7 listener to be queried. * `port` - (Optional, Int) Port of the layer7 listener to be queried. @@ -64,5 +65,7 @@ In addition to all arguments above, the following attributes are exported: * `protocol` - Protocol of the layer7 listener. * `proxy_id` - ID of the GAAP proxy. * `status` - Status of the layer7 listener. + * `tls_ciphers` - Password Suite, optional GAAP_TLS_CIPHERS_STRICT, GAAP_TLS_CIPHERS_GENERAL, GAAP_TLS_CIPHERS_WIDE(default). + * `tls_support_versions` - TLS version, optional TLSv1, TLSv1.1, TLSv1.2, TLSv1.3. diff --git a/website/docs/d/gaap_proxy_detail.html.markdown b/website/docs/d/gaap_proxy_detail.html.markdown index 3fc6e859d6..2849d80adc 100644 --- a/website/docs/d/gaap_proxy_detail.html.markdown +++ b/website/docs/d/gaap_proxy_detail.html.markdown @@ -60,6 +60,7 @@ In addition to all arguments above, the following attributes are exported: * `ip` - IP. * `provider` - Supplier, BGP represents default, CMCC represents China Mobile, CUCC represents China Unicom, and CTCC represents China Telecom. * `ip` - IP. + * `is_support_tls_choice` - Whether to allow TLS configuration.0-no support, 1-expressed support. * `modify_config_time` - Configuration change timeNote: This field may return null, indicating that a valid value cannot be obtained. * `network_type` - Network type: normal represents regular BGP, cn2 represents premium BGP, triple represents triple network, secure_EIP represents customized security EIPNote: This field may return null, indicating that a valid value cannot be obtained. * `package_type` - proxy package type: Thunder represents standard proxy, Accelerator represents silver acceleration proxy,CrossBorder represents a cross-border proxy.Note: This field may return null, indicating that a valid value cannot be obtained. diff --git a/website/docs/d/gaap_proxy_statistics.html.markdown b/website/docs/d/gaap_proxy_statistics.html.markdown index 1641c95c9f..da189cdcac 100644 --- a/website/docs/d/gaap_proxy_statistics.html.markdown +++ b/website/docs/d/gaap_proxy_statistics.html.markdown @@ -29,7 +29,7 @@ The following arguments are supported: * `end_time` - (Required, String) End Time(2019-03-25 12:00:00). * `granularity` - (Required, Int) Monitoring granularity, currently supporting 60 300 3600 86400, in seconds.When the time range does not exceed 3 days, support a minimum granularity of 60 seconds;When the time range does not exceed 7 days, support a minimum granularity of 300 seconds;When the time range does not exceed 30 days, the minimum granularity supported is 3600 seconds. -* `metric_names` - (Required, Set: [`String`]) Metric Names. Valid values: InBandwidth,OutBandwidth, Concurrent, InPackets, OutPackets, PacketLoss, Latency, HttpQPS, HttpsQPS. +* `metric_names` - (Required, Set: [`String`]) Metric Names. Valid values: InBandwidth,OutBandwidth, Concurrent, InPackets, OutPackets, PacketLoss, Latency, HttpQPS, HttpsQPS, HttpQPSPercent, HttpsQPSPercent. * `proxy_id` - (Required, String) Proxy Id. * `start_time` - (Required, String) Start Time(2019-03-25 12:00:00). * `isp` - (Optional, String) Operator (valid when the proxy is a three network proxy), supports CMCC, CUCC, CTCC, and merges data from the three operators if null values are passed or not passed. diff --git a/website/docs/r/gaap_http_domain.html.markdown b/website/docs/r/gaap_http_domain.html.markdown index a3dd46053c..65ae6dc81b 100644 --- a/website/docs/r/gaap_http_domain.html.markdown +++ b/website/docs/r/gaap_http_domain.html.markdown @@ -48,6 +48,8 @@ The following arguments are supported: * `client_certificate_ids` - (Optional, Set: [`String`]) ID list of the poly client certificate. * `gaap_auth_id` - (Optional, String) ID of the SSL certificate. * `gaap_auth` - (Optional, Bool) Indicates whether SSL certificate authentication is enable, default value is `false`. +* `group_id` - (Optional, String, ForceNew) Group Id. +* `is_default_server` - (Optional, Bool) Whether to use as the default domain name, the default is false. * `realserver_auth` - (Optional, Bool) Indicates whether realserver authentication is enable, default value is `false`. * `realserver_certificate_domain` - (Optional, String) CA certificate domain of the realserver. It has been deprecated. * `realserver_certificate_id` - (Optional, String, **Deprecated**) It has been deprecated from version 1.28.0. Set `realserver_certificate_ids` instead. CA certificate ID of the realserver. diff --git a/website/docs/r/gaap_layer7_listener.html.markdown b/website/docs/r/gaap_layer7_listener.html.markdown index 15345c547f..0fcbd60cfa 100644 --- a/website/docs/r/gaap_layer7_listener.html.markdown +++ b/website/docs/r/gaap_layer7_listener.html.markdown @@ -37,12 +37,15 @@ The following arguments are supported: * `name` - (Required, String) Name of the layer7 listener, the maximum length is 30. * `port` - (Required, Int, ForceNew) Port of the layer7 listener. * `protocol` - (Required, String, ForceNew) Protocol of the layer7 listener. Valid value: `HTTP` and `HTTPS`. -* `proxy_id` - (Required, String, ForceNew) ID of the GAAP proxy. * `auth_type` - (Optional, Int, ForceNew) Authentication type of the layer7 listener. `0` is one-way authentication and `1` is mutual authentication. NOTES: Only supports listeners of `HTTPS` protocol. * `certificate_id` - (Optional, String) Certificate ID of the layer7 listener. NOTES: Only supports listeners of `HTTPS` protocol. * `client_certificate_id` - (Optional, String, **Deprecated**) It has been deprecated from version 1.26.0. Set `client_certificate_ids` instead. ID of the client certificate. Set only when `auth_type` is specified as mutual authentication. NOTES: Only supports listeners of `HTTPS` protocol. * `client_certificate_ids` - (Optional, Set: [`String`]) ID list of the client certificate. Set only when `auth_type` is specified as mutual authentication. NOTES: Only supports listeners of `HTTPS` protocol. * `forward_protocol` - (Optional, String, ForceNew) Protocol type of the forwarding. Valid value: `HTTP` and `HTTPS`. NOTES: Only supports listeners of `HTTPS` protocol. +* `group_id` - (Optional, String, ForceNew) Group ID. +* `proxy_id` - (Optional, String, ForceNew) ID of the GAAP proxy. +* `tls_ciphers` - (Optional, String) Password Suite, optional GAAP_TLS_CIPHERS_STRICT, GAAP_TLS_CIPHERS_GENERAL, GAAP_TLS_CIPHERS_WIDE(default). +* `tls_support_versions` - (Optional, Set: [`String`]) TLS version, optional TLSv1, TLSv1.1, TLSv1.2, TLSv1.3. ## Attributes Reference