Add support for lb certificate #310

Closed
jerome-quere opened this issue Oct 25, 2019 · 5 comments · Fixed by #396

@jerome-quere
Contributor

We should add support for load-balancer certificate

@jerome-quere jerome-quere added this to the v1.13.0 milestone Oct 25, 2019
@QuentinBrosse QuentinBrosse mentioned this issue Oct 25, 2019
17 tasks
@jerome-quere jerome-quere modified the milestones: v1.13.0, v1.14.0 Dec 10, 2019
@alekc
Contributor

alekc commented Jan 28, 2020

Is anyone working on this?

@QuentinBrosse
Contributor

Hi @alekc,
Nobody is working on this one for the moment. Do you want to work on it? :)

What do you think about this schema?

// scaleway/resource_lb_certificate_beta.go

var s = &schema.Resource{
	Schema: map[string]*schema.Schema{
		"lb_id": {
			Type:         schema.TypeString,
			Required:     true,
			ValidateFunc: validationUUIDorUUIDWithLocality(),
			Description:  "The load-balancer ID",
		},
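		"name": { // Default: newRandomName("lb-cf")
			Type:        schema.TypeString,
			Optional:    true, // an attribute must be Required, Optional or Computed
			Computed:    true, // the default name is generated when none is given
			Description: "The name of the load-balancer certificate",
		},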
		"letsencrypt": {
			Type:          schema.TypeList, // nested block; MaxItems and Elem need a list type
			Optional:      true,
			ConflictsWith: []string{"custom_certificate"},
			MaxItems:      1,
			Description:   "The Let's Encrypt type certificate type configuration",
			Elem: &schema.Resource{
				Schema: map[string]*schema.Schema{
					"common_name": {
						Type:        schema.TypeString,
						Required:    true,
						Description: "The main domain name of the certificate",
					},
					"subject_alternative_name": {
						Type:        schema.TypeString,
						Required:    true,
						Description: "The alternative domain names of the certificate",
					},
				},
			},
		},
		"custom_certificate": {
			Type:          schema.TypeList, // nested block; MaxItems and Elem need a list type
			Optional:      true,
			ConflictsWith: []string{"letsencrypt"},
			MaxItems:      1,
			Description:   "The custom type certificate type configuration",
			Elem: &schema.Resource{
				Schema: map[string]*schema.Schema{
					"certificate_chain": {
						Type:        schema.TypeString,
						Required:    true,
						Description: "The full PEM-formatted certificate chain",
					},
				},
			},
		},

		// Readonly attributes
		"common_name": {
			Type:        schema.TypeString,
			Computed:    true,
			Description: "The main domain name of the certificate",
		},
		"subject_alternative_name": {
			Type:        schema.TypeString,
			Computed:    true,
			Description: "The alternative domain names of the certificate",
		},
		"fingerprint": {
			Type:        schema.TypeString,
			Computed:    true,
			Description: "The identifier (SHA-1) of the certificate",
		},
		"not_valid_before": {
			Type:        schema.TypeString,
			Computed:    true,
			Description: "The not valid before validity bound timestamp",
		},
		"not_valid_after": {
			Type:        schema.TypeString,
			Computed:    true,
			Description: "The not valid after validity bound timestamp",
		},
		"status": {
			Type:        schema.TypeString,
			Computed:    true,
			Description: "The status of certificate",
		},
	},
}
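
Added example (not from the thread or the provider's code): how the read-only attributes in the schema above can be derived from the leaf certificate of a `certificate_chain` value. The function names, the sample host names, the comma-joined SAN string and the SHA-1-over-DER fingerprint are assumptions; the Scaleway API may compute them differently.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// describeChain derives the proposed read-only attributes from the leaf of a PEM chain.
func describeChain(chain string) (map[string]string, error) {
	block, _ := pem.Decode([]byte(chain))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("certificate_chain must start with a PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parsing leaf certificate: %w", err)
	}
	return map[string]string{
		"common_name":              cert.Subject.CommonName,
		"subject_alternative_name": strings.Join(cert.DNSNames, ","),
		"fingerprint":              fmt.Sprintf("%x", sha1.Sum(cert.Raw)), // assumed: SHA-1 of the DER bytes
		"not_valid_before":         cert.NotBefore.Format(time.RFC3339),
		"not_valid_after":          cert.NotAfter.Format(time.RFC3339),
	}, nil
}

// sampleChain builds a constructed self-signed certificate from a fixed all-zero test seed.
func sampleChain() string {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	start := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: start, NotAfter: start.AddDate(1, 0, 0),
		Subject: pkix.Name{CommonName: "lb.example.test"}, DNSNames: []string{"www.example.test", "api.example.test"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	fmt.Println(describeChain(sampleChain()))
}
```

A value that does not begin with a `CERTIFICATE` block is rejected, which is the kind of check a `ValidateFunc` on `certificate_chain` could run at plan time instead of waiting for the API to refuse it.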

@alekc
Contributor

alekc commented Feb 4, 2020

Yeah I can work on it in about 3 days from now.

Looks good, but a couple of things:

  • The Let's Encrypt type certificate type configuration <- we need to rephrase that :p
  • If we do not expect any further property coming to the custom_certificate block we can treat it as a string field in itself.
  • This is not related to the implementation from the Terraform point of view but rather to the Scaleway API: it would be nice to have the possibility of setting a staging environment for Let's Encrypt (otherwise, especially with Terraform, one risks hitting the Let's Encrypt API limits).

For the rest LGTM

@QuentinBrosse
Contributor

Hi @alekc and sorry for the response delay,

The responses for your points:

  • I agree, go for it haha
  • I think it is better to keep custom_certificate to prevent breaking changes the day we need to add another custom certificate option.
  • I will transmit your request to the load balancer team, I will come back to you with a response later.

Thanks! :)

@QuentinBrosse
Contributor

@alekc regarding your staging Let's Encrypt idea, we actually don't need it as we have an agreement with them to remove API limits.

@remyleone remyleone added the load-balancer Load-balancer issues, bugs and feature requests label Jul 28, 2022