diff --git a/examples/load_balancer/lb_full/lb_full.tf b/examples/load_balancer/lb_full/lb_full.tf index d73b6ef60e..3b800718e9 100644 --- a/examples/load_balancer/lb_full/lb_full.tf +++ b/examples/load_balancer/lb_full/lb_full.tf @@ -65,7 +65,6 @@ variable "availability_domain" { } provider "oci" { - // version = "6.9.0" // published on August 27, 2024. tenancy_ocid = var.tenancy_ocid user_ocid = var.user_ocid fingerprint = var.fingerprint @@ -74,12 +73,12 @@ provider "oci" { } data "oci_identity_availability_domain" "ad1" { - compartment_id = var.compartment_ocid // needs to be compartment_ocid if not using root compartment + compartment_id = var.tenancy_ocid // needs to be compartment_ocid if not using root compartment ad_number = 1 } data "oci_identity_availability_domain" "ad2" { - compartment_id = var.compartment_ocid // needs to be compartment_ocid if not using root compartment + compartment_id = var.tenancy_ocid // needs to be compartment_ocid if not using root compartment ad_number = 2 } @@ -476,7 +475,8 @@ resource "oci_load_balancer_listener" "lb-listener3" { connection_configuration { idle_timeout_in_seconds = "2" - backend_tcp_proxy_protocol_version = "1" + backend_tcp_proxy_protocol_version = "2" + backend_tcp_proxy_protocol_options = ["PP2_TYPE_AUTHORITY"] } } diff --git a/internal/integrationtest/load_balancer_listener_tcp_test.go b/internal/integrationtest/load_balancer_listener_tcp_test.go index 48826dd685..721709b64a 100644 --- a/internal/integrationtest/load_balancer_listener_tcp_test.go +++ b/internal/integrationtest/load_balancer_listener_tcp_test.go @@ -30,6 +30,7 @@ var ( listenerTcpConnectionConfigurationRepresentation = map[string]interface{}{ "idle_timeout_in_seconds": acctest.Representation{RepType: acctest.Required, Create: `10`, Update: `11`}, "backend_tcp_proxy_protocol_version": acctest.Representation{RepType: acctest.Optional, Create: `1`, Update: `2`}, + "backend_tcp_proxy_protocol_options": acctest.Representation{RepType: acctest.Optional, Update: []string{`PP2_TYPE_AUTHORITY`}}, } ) @@ -60,6 +61,7 @@ func TestLoadBalancerListenerTcpResource_basic(t *testing.T) { Check: acctest.ComposeAggregateTestCheckFuncWrapper( resource.TestCheckResourceAttr(resourceName, "connection_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "connection_configuration.0.backend_tcp_proxy_protocol_version", "1"), + resource.TestCheckResourceAttr(resourceName, "connection_configuration.0.backend_tcp_proxy_protocol_options.#", "0"), resource.TestCheckResourceAttr(resourceName, "connection_configuration.0.idle_timeout_in_seconds", "10"), resource.TestCheckResourceAttrSet(resourceName, "load_balancer_id"), resource.TestCheckResourceAttr(resourceName, "name", "mylistener"), @@ -76,6 +78,8 @@ func TestLoadBalancerListenerTcpResource_basic(t *testing.T) { Check: acctest.ComposeAggregateTestCheckFuncWrapper( resource.TestCheckResourceAttr(resourceName, "connection_configuration.#", "1"), resource.TestCheckResourceAttr(resourceName, "connection_configuration.0.backend_tcp_proxy_protocol_version", "2"), + resource.TestCheckResourceAttr(resourceName, "connection_configuration.0.backend_tcp_proxy_protocol_options.#", "1"), + resource.TestCheckResourceAttr(resourceName, "connection_configuration.0.backend_tcp_proxy_protocol_options.0", "PP2_TYPE_AUTHORITY"), resource.TestCheckResourceAttr(resourceName, "connection_configuration.0.idle_timeout_in_seconds", "11"), resource.TestCheckResourceAttrSet(resourceName, "load_balancer_id"), resource.TestCheckResourceAttr(resourceName, "name", "mylistener"), diff --git a/internal/service/load_balancer/load_balancer_listener_resource.go b/internal/service/load_balancer/load_balancer_listener_resource.go index 53fb31f3f3..399c50ac60 100644 --- a/internal/service/load_balancer/load_balancer_listener_resource.go +++ b/internal/service/load_balancer/load_balancer_listener_resource.go @@ -72,6 +72,16 @@ func LoadBalancerListenerResource() *schema.Resource { DiffSuppressFunc: tfresource.Int64StringDiffSuppressFunction, }, + // Optional + "backend_tcp_proxy_protocol_options": { + Type: schema.TypeList, + Optional: true, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + // Optional "backend_tcp_proxy_protocol_version": { Type: schema.TypeInt, @@ -643,9 +653,38 @@ func parseListenerCompositeId(compositeId string) (listenerName string, loadBala return } +func toString(s []oci_load_balancer.ConnectionConfigurationBackendTcpProxyProtocolOptionsEnum) []string { + c := make([]string, len(s)) + for i, v := range s { + c[i] = string(v) + } + return c +} + +func toBackendTcpProxyProtocolOptionsEnum(s []string) []oci_load_balancer.ConnectionConfigurationBackendTcpProxyProtocolOptionsEnum { + c := make([]oci_load_balancer.ConnectionConfigurationBackendTcpProxyProtocolOptionsEnum, len(s)) + for i, v := range s { + c[i] = oci_load_balancer.ConnectionConfigurationBackendTcpProxyProtocolOptionsEnum(v) + } + return c +} + func (s *LoadBalancerListenerResourceCrud) mapToConnectionConfiguration(fieldKeyFormat string) (oci_load_balancer.ConnectionConfiguration, error) { result := oci_load_balancer.ConnectionConfiguration{} + if backendTcpProxyProtocolOptions, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "backend_tcp_proxy_protocol_options")); ok { + interfaces := backendTcpProxyProtocolOptions.([]interface{}) + tmp := make([]string, len(interfaces)) + for i := range interfaces { + if interfaces[i] != nil { + tmp[i] = interfaces[i].(string) + } + } + if len(tmp) != 0 || s.D.HasChange(fmt.Sprintf(fieldKeyFormat, "backend_tcp_proxy_protocol_options")) { + result.BackendTcpProxyProtocolOptions = toBackendTcpProxyProtocolOptionsEnum(tmp) + } + } + if backendTcpProxyProtocolVersion, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "backend_tcp_proxy_protocol_version")); ok { tmp := backendTcpProxyProtocolVersion.(int) // Terraform v11 will auto assign nil value to 0 which is invalid value @@ -670,6 +709,10 @@ func (s *LoadBalancerListenerResourceCrud) mapToConnectionConfiguration(fieldKey func ConnectionConfigurationToMap(obj *oci_load_balancer.ConnectionConfiguration) map[string]interface{} { result := map[string]interface{}{} + if obj.BackendTcpProxyProtocolOptions != nil { + result["backend_tcp_proxy_protocol_options"] = toString(obj.BackendTcpProxyProtocolOptions) + } + if obj.BackendTcpProxyProtocolVersion != nil { result["backend_tcp_proxy_protocol_version"] = int(*obj.BackendTcpProxyProtocolVersion) } diff --git a/website/docs/d/load_balancer_load_balancers.html.markdown b/website/docs/d/load_balancer_load_balancers.html.markdown index fcc0e0327c..2d48fd7a80 100644 --- a/website/docs/d/load_balancer_load_balancers.html.markdown +++ b/website/docs/d/load_balancer_load_balancers.html.markdown @@ -127,8 +127,8 @@ The following attributes are exported: The values must be between minimumBandwidthInMbps and 8000 (8Gbps). - Example: `1500` - * `minimum_bandwidth_in_mbps` - Bandwidth in Mbps that determines the total pre-provisioned bandwidth (ingress plus egress). The values must be between 10 and the maximumBandwidthInMbps. Example: `150` + Example: `1500` + * `minimum_bandwidth_in_mbps` - Bandwidth in Mbps that determines the total pre-provisioned bandwidth (ingress plus egress). The values must be between 0 and the maximumBandwidthInMbps in multiples of 10. The current allowed maximum value is defined in [Service Limits](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/servicelimits.htm). Example: `150` * `ssl_cipher_suites` - The configuration details of an SSL cipher suite. The algorithms that compose a cipher suite help you secure Transport Layer Security (TLS) or Secure Socket Layer (SSL) network connections. A cipher suite defines the list of security algorithms your load balancer uses to negotiate with peers while sending and receiving information. The cipher suites you use affect the security level, performance, and compatibility of your data traffic. diff --git a/website/docs/r/load_balancer_listener.html.markdown b/website/docs/r/load_balancer_listener.html.markdown index 8d69efd82d..51aa3e81f2 100644 --- a/website/docs/r/load_balancer_listener.html.markdown +++ b/website/docs/r/load_balancer_listener.html.markdown @@ -29,6 +29,7 @@ resource "oci_load_balancer_listener" "test_listener" { idle_timeout_in_seconds = var.listener_connection_configuration_idle_timeout_in_seconds #Optional + backend_tcp_proxy_protocol_options = var.listener_connection_configuration_backend_tcp_proxy_protocol_options backend_tcp_proxy_protocol_version = var.listener_connection_configuration_backend_tcp_proxy_protocol_version } hostname_names = [oci_load_balancer_hostname.test_hostname.name] @@ -55,6 +56,7 @@ resource "oci_load_balancer_listener" "test_listener" { The following arguments are supported: * `connection_configuration` - (Optional) (Updatable) Configuration details for the connection between the client and backend servers. + * `backend_tcp_proxy_protocol_options` - (Optional) (Updatable) An array that represents the PPV2 Options that can be enabled on TCP Listeners. Example: ["PP2_TYPE_AUTHORITY"] * `backend_tcp_proxy_protocol_version` - (Required when `protocol` = `TCP`) (Updatable) The backend TCP Proxy Protocol version. Example: `1` * `idle_timeout_in_seconds` - (Required) (Updatable) The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations.