feat(lb): add support for frontend ACL

[alekc]

This commit adds support for scaleway lb acl (https://developers.scaleway.com/en/products/lb/api/#get-ff2ff4)

I followed scaleway official api, so tf structure looks like this

resource scaleway_lb_acl_beta acl01 {
	frontend_id = scaleway_lb_frontend_beta.frt01.id
	name = "test-acl"
	action {
		type = "allow"
	}
	match {
		ip_subnet = ["192.168.0.1", "192.168.0.2", "192.168.10.0/24"]
		http_filter = "acl_http_filter_none"
		http_filter_value = ["criteria1","criteria2"]
		invert = "true"
	}
	index = "42"
}

potentially we can transform action.type in action_type, but it's probably best to keep it aligned to official apis.

Tests results

GOROOT=/usr/local/Cellar/go/1.13.5/libexec #gosetup
GOPATH=/Users/alexander.chernov/go #gosetup
/usr/local/Cellar/go/1.13.5/libexec/bin/go test -c -o /private/var/folders/tf/1hrk6yq570qf_t6mktvbbln80000gr/T/___TestAccScalewayLbAclBeta_in_github_com_terraform_providers_terraform_provider_scaleway_scaleway github.com/terraform-providers/terraform-provider-scaleway/scaleway #gosetup
/usr/local/Cellar/go/1.13.5/libexec/bin/go tool test2json -t /private/var/folders/tf/1hrk6yq570qf_t6mktvbbln80000gr/T/___TestAccScalewayLbAclBeta_in_github_com_terraform_providers_terraform_provider_scaleway_scaleway -test.v -test.run ^TestAccScalewayLbAclBeta$ #gosetup
=== RUN   TestAccScalewayLbAclBeta
=== PAUSE TestAccScalewayLbAclBeta
=== CONT  TestAccScalewayLbAclBeta
2020/01/08 09:47:22 [INFO] terraform: building graph: GraphTypeValidate
2020/01/08 09:47:22 [INFO] terraform: building graph: GraphTypeRefresh
2020/01/08 09:47:22 [INFO] terraform: building graph: GraphTypePlan
[DEBUG] GET https://cp-par1.scaleway.com//products/servers/availability
2020/01/08 09:47:27 [WARN] Provider "scaleway" produced an invalid plan for scaleway_lb_backend_beta.bkd01, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .on_marked_down_action: planned value cty.StringVal("none") does not match config value cty.NullVal(cty.String)
      - .send_proxy_v2: planned value cty.False does not match config value cty.NullVal(cty.Bool)
      - .health_check_delay: planned value cty.StringVal("60s") does not match config value cty.NullVal(cty.String)
      - .health_check_max_retries: planned value cty.NumberIntVal(2) does not match config value cty.NullVal(cty.Number)
      - .forward_port_algorithm: planned value cty.StringVal("roundrobin") does not match config value cty.NullVal(cty.String)
      - .health_check_timeout: planned value cty.StringVal("30s") does not match config value cty.NullVal(cty.String)
      - .sticky_sessions: planned value cty.StringVal("none") does not match config value cty.NullVal(cty.String)
      - .health_check_tcp: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
2020/01/08 09:47:27 [WARN] Test: Step plan: DIFF:

CREATE: scaleway_lb_acl_beta.acl01
  action.#:                    "" => "1"
  action.0.type:               "" => "allow"
  frontend_id:                 "" => "<computed>"
  id:                          "" => "<computed>"
  index:                       "" => "42"
  match.#:                     "" => "1"
  match.0.http_filter:         "" => "acl_http_filter_none"
  match.0.http_filter_value.#: "" => "2"
  match.0.http_filter_value.0: "" => "criteria1"
  match.0.http_filter_value.1: "" => "criteria2"
  match.0.invert:              "" => "true"
  match.0.ip_subnet.#:         "" => "3"
  match.0.ip_subnet.0:         "" => "192.168.0.1"
  match.0.ip_subnet.1:         "" => "192.168.0.2"
  match.0.ip_subnet.2:         "" => "192.168.10.0/24"
  name:                        "" => "test-acl"
  organization_id:             "" => "<computed>"
  region:                      "" => "<computed>"
CREATE: scaleway_lb_backend_beta.bkd01
  forward_port:             "" => "80"
  forward_port_algorithm:   "" => "roundrobin"
  forward_protocol:         "" => "tcp"
  health_check_delay:       "" => "60s"
  health_check_http.#:      "" => "0"
  health_check_https.#:     "" => "0"
  health_check_max_retries: "" => "2"
  health_check_port:        "" => "<computed>"
  health_check_tcp:         "" => "<computed>"
  health_check_timeout:     "" => "30s"
  id:                       "" => "<computed>"
  lb_id:                    "" => "<computed>"
  name:                     "" => "<computed>"
  on_marked_down_action:    "" => "none"
  send_proxy_v2:            "" => "false"
  sticky_sessions:          "" => "none"
CREATE: scaleway_lb_beta.lb01
  id:              "" => "<computed>"
  ip_address:      "" => "<computed>"
  ip_id:           "" => "<computed>"
  name:            "" => "test-lb"
  organization_id: "" => "<computed>"
  region:          "" => "<computed>"
  type:            "" => "lb-s"
CREATE: scaleway_lb_frontend_beta.frt01
  backend_id:   "" => "<computed>"
  id:           "" => "<computed>"
  inbound_port: "" => "80"
  lb_id:        "" => "<computed>"
  name:         "" => "<computed>"



STATE:

<no state>
2020/01/08 09:47:27 [INFO] terraform: building graph: GraphTypeApply
[DEBUG] POST https://api.scaleway.com/lb/v1/regions/fr-par/lbs
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
2020/01/08 09:47:34 [WARN] Provider "scaleway" produced an invalid plan for scaleway_lb_backend_beta.bkd01, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .on_marked_down_action: planned value cty.StringVal("none") does not match config value cty.NullVal(cty.String)
      - .send_proxy_v2: planned value cty.False does not match config value cty.NullVal(cty.Bool)
      - .health_check_delay: planned value cty.StringVal("60s") does not match config value cty.NullVal(cty.String)
      - .health_check_max_retries: planned value cty.NumberIntVal(2) does not match config value cty.NullVal(cty.Number)
      - .sticky_sessions: planned value cty.StringVal("none") does not match config value cty.NullVal(cty.String)
      - .forward_port_algorithm: planned value cty.StringVal("roundrobin") does not match config value cty.NullVal(cty.String)
      - .health_check_timeout: planned value cty.StringVal("30s") does not match config value cty.NullVal(cty.String)
      - .health_check_tcp: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
[DEBUG] POST https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6/backends
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/backends/f4e01114-a6b8-4573-8e76-1ca60962ea39
2020/01/08 09:47:35 [WARN] Provider "scaleway" produced an unexpected new value for scaleway_lb_backend_beta.bkd01, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .sticky_sessions_cookie_name: was null, but now cty.StringVal("")
      - .timeout_connect: was null, but now cty.StringVal("")
      - .health_check_delay: was cty.StringVal("60s"), but now cty.StringVal("1m0s")
      - .timeout_server: was null, but now cty.StringVal("")
      - .timeout_tunnel: was null, but now cty.StringVal("")
[DEBUG] POST https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6/frontends
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/frontends/1299788b-db30-43de-89fb-d0ba27eb3f6e
2020/01/08 09:47:36 [WARN] Provider "scaleway" produced an unexpected new value for scaleway_lb_frontend_beta.frt01, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .certificate_id: was null, but now cty.StringVal("")
      - .timeout_client: was null, but now cty.StringVal("")
[DEBUG] POST https://api.scaleway.com/lb/v1/regions/fr-par/frontends/1299788b-db30-43de-89fb-d0ba27eb3f6e/acls
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/acls/97597927-3c36-4241-9eda-d7ea88fde08c
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/acls/97597927-3c36-4241-9eda-d7ea88fde08c
2020/01/08 09:47:36 [INFO] terraform: building graph: GraphTypePlan
2020/01/08 09:47:36 [WARN] Provider "scaleway" produced an invalid plan for scaleway_lb_backend_beta.bkd01, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .health_check_tcp: block count in plan (1) disagrees with count in config (0)
2020/01/08 09:47:36 [INFO] terraform: building graph: GraphTypeRefresh
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/backends/f4e01114-a6b8-4573-8e76-1ca60962ea39
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/frontends/1299788b-db30-43de-89fb-d0ba27eb3f6e
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/acls/97597927-3c36-4241-9eda-d7ea88fde08c
2020/01/08 09:47:37 [INFO] terraform: building graph: GraphTypePlan
2020/01/08 09:47:37 [WARN] Provider "scaleway" produced an invalid plan for scaleway_lb_backend_beta.bkd01, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .health_check_tcp: block count in plan (1) disagrees with count in config (0)
2020/01/08 09:47:37 [WARN] Test: Executing destroy step
2020/01/08 09:47:37 [INFO] terraform: building graph: GraphTypeValidate
2020/01/08 09:47:37 [INFO] terraform: building graph: GraphTypeRefresh
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/backends/f4e01114-a6b8-4573-8e76-1ca60962ea39
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/frontends/1299788b-db30-43de-89fb-d0ba27eb3f6e
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/acls/97597927-3c36-4241-9eda-d7ea88fde08c
2020/01/08 09:47:39 [INFO] terraform: building graph: GraphTypePlanDestroy
2020/01/08 09:47:39 [WARN] Test: Step plan: DIFF:

DESTROY: scaleway_lb_acl_beta.acl01
  action.#:                    "1" => ""
  action.0.type:               "allow" => ""
  frontend_id:                 "fr-par/1299788b-db30-43de-89fb-d0ba27eb3f6e" => ""
  id:                          "fr-par/97597927-3c36-4241-9eda-d7ea88fde08c" => ""
  index:                       "42" => ""
  match.#:                     "1" => ""
  match.0.http_filter:         "acl_http_filter_none" => ""
  match.0.http_filter_value.#: "2" => ""
  match.0.http_filter_value.0: "criteria1" => ""
  match.0.http_filter_value.1: "criteria2" => ""
  match.0.invert:              "true" => ""
  match.0.ip_subnet.#:         "3" => ""
  match.0.ip_subnet.0:         "192.168.0.1" => ""
  match.0.ip_subnet.1:         "192.168.0.2" => ""
  match.0.ip_subnet.2:         "192.168.10.0/24" => ""
  name:                        "test-acl" => ""
DESTROY: scaleway_lb_backend_beta.bkd01
  forward_port:                "80" => ""
  forward_port_algorithm:      "roundrobin" => ""
  forward_protocol:            "tcp" => ""
  health_check_delay:          "1m0s" => ""
  health_check_http.#:         "0" => ""
  health_check_https.#:        "0" => ""
  health_check_max_retries:    "2" => ""
  health_check_port:           "80" => ""
  health_check_tcp.#:          "1" => ""
  health_check_timeout:        "30s" => ""
  id:                          "fr-par/f4e01114-a6b8-4573-8e76-1ca60962ea39" => ""
  lb_id:                       "fr-par/8ef01b1d-3d35-4d80-8e02-23583c81e6e6" => ""
  name:                        "tf-lb-bkd-pensive-beaver" => ""
  on_marked_down_action:       "none" => ""
  send_proxy_v2:               "false" => ""
  server_ips.#:                "0" => ""
  sticky_sessions:             "none" => ""
  sticky_sessions_cookie_name: "" => ""
  timeout_connect:             "" => ""
  timeout_server:              "" => ""
  timeout_tunnel:              "" => ""
DESTROY: scaleway_lb_beta.lb01
  id:              "fr-par/8ef01b1d-3d35-4d80-8e02-23583c81e6e6" => ""
  ip_address:      "51.159.26.78" => ""
  ip_id:           "a500f6d8-1fd9-4f7f-a5b9-8babe1841d8b" => ""
  name:            "test-lb" => ""
  organization_id: "********" => ""
  region:          "fr-par" => ""
  tags.#:          "0" => ""
  type:            "lb-s" => ""
DESTROY: scaleway_lb_frontend_beta.frt01
  backend_id:     "fr-par/f4e01114-a6b8-4573-8e76-1ca60962ea39" => ""
  certificate_id: "" => ""
  id:             "fr-par/1299788b-db30-43de-89fb-d0ba27eb3f6e" => ""
  inbound_port:   "80" => ""
  lb_id:          "fr-par/8ef01b1d-3d35-4d80-8e02-23583c81e6e6" => ""
  name:           "tf-lb-frt-infallible-spence" => ""
  timeout_client: "" => ""



STATE:

scaleway_lb_acl_beta.acl01:
  ID = fr-par/97597927-3c36-4241-9eda-d7ea88fde08c
  provider = provider.scaleway
  action.# = 1
  action.0.type = allow
  frontend_id = fr-par/1299788b-db30-43de-89fb-d0ba27eb3f6e
  index = 42
  match.# = 1
  match.0.http_filter = acl_http_filter_none
  match.0.http_filter_value.# = 2
  match.0.http_filter_value.0 = criteria1
  match.0.http_filter_value.1 = criteria2
  match.0.invert = true
  match.0.ip_subnet.# = 3
  match.0.ip_subnet.0 = 192.168.0.1
  match.0.ip_subnet.1 = 192.168.0.2
  match.0.ip_subnet.2 = 192.168.10.0/24
  name = test-acl

  Dependencies:
    scaleway_lb_frontend_beta.frt01
scaleway_lb_backend_beta.bkd01:
  ID = fr-par/f4e01114-a6b8-4573-8e76-1ca60962ea39
  provider = provider.scaleway
  forward_port = 80
  forward_port_algorithm = roundrobin
  forward_protocol = tcp
  health_check_delay = 1m0s
  health_check_max_retries = 2
  health_check_port = 80
  health_check_tcp.# = 1
  health_check_timeout = 30s
  lb_id = fr-par/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
  name = tf-lb-bkd-pensive-beaver
  on_marked_down_action = none
  send_proxy_v2 = false
  sticky_sessions = none
  sticky_sessions_cookie_name = 
  timeout_connect = 
  timeout_server = 
  timeout_tunnel = 

  Dependencies:
    scaleway_lb_beta.lb01
scaleway_lb_beta.lb01:
  ID = fr-par/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
  provider = provider.scaleway
  ip_address = 51.159.26.78
  ip_id = a500f6d8-1fd9-4f7f-a5b9-8babe1841d8b
  name = test-lb
  organization_id =***
  region = fr-par
  type = lb-s
scaleway_lb_frontend_beta.frt01:
  ID = fr-par/1299788b-db30-43de-89fb-d0ba27eb3f6e
  provider = provider.scaleway
  backend_id = fr-par/f4e01114-a6b8-4573-8e76-1ca60962ea39
  certificate_id = 
  inbound_port = 80
  lb_id = fr-par/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
  name = tf-lb-frt-infallible-spence
  timeout_client = 

  Dependencies:
    scaleway_lb_backend_beta.bkd01
    scaleway_lb_beta.lb01
2020/01/08 09:47:39 [INFO] terraform: building graph: GraphTypeApply
[DEBUG] DELETE https://api.scaleway.com/lb/v1/regions/fr-par/acls/97597927-3c36-4241-9eda-d7ea88fde08c
[DEBUG] DELETE https://api.scaleway.com/lb/v1/regions/fr-par/frontends/1299788b-db30-43de-89fb-d0ba27eb3f6e
[DEBUG] DELETE https://api.scaleway.com/lb/v1/regions/fr-par/backends/f4e01114-a6b8-4573-8e76-1ca60962ea39
[DEBUG] DELETE https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6?release_ip=true
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/lbs/8ef01b1d-3d35-4d80-8e02-23583c81e6e6
[DEBUG] GET https://api.scaleway.com/lb/v1/regions/fr-par/frontends/1299788b-db30-43de-89fb-d0ba27eb3f6e
2020/01/08 09:47:43 [INFO] terraform: building graph: GraphTypePlanDestroy
2020/01/08 09:47:43 [INFO] terraform: building graph: GraphTypeRefresh
2020/01/08 09:47:43 [INFO] terraform: building graph: GraphTypePlanDestroy
--- PASS: TestAccScalewayLbAclBeta (20.63s)
PASS

Process finished with exit code 0

[jerome-quere]

Hi @alekc

Thank you very much for your contribution 👍 .
Before we start the PR review in detail I discussed it with the team and we think it would be better to keep the same approach with LB ACL as in security-group-rule in instance product.

In the instance product we do something like this:

resource scaleway_instance_security_group sg1 {
  inbound_rule {
     ip = 8.8.8.8
     action = accept
  }
  inbound_rule {
     ip = 1.1.1.1
     action = accept
  }
}

For ACL this would translate to

resource scaleway_lb_frontent frt1 {
  acl {
    action { type = accept }
    match { ... }
  }
  
  acl {
    action { type = accept }
    match { ... }
  }
}

This notation as multiple advantages:

• It keeps ACL order explicit (no need for error-prone index notation)
• It keeps frontend and ACL visually linked.
• It is similar to the instance security group

Do you want to work on this on this PR or do you prefer we merge it as is. Knowing that we will implement the above solution before the next release?

[alekc]

Ok, I will amend the current pr to align it to security groups.

[alekc]

First draft for realignment. I need to write a better testing, but otherwise it's almost there I'd say (still need to build the provider and try to run some create/update/destroy by hand to).

This is a full example

resource scaleway_lb_frontend_beta frt01 {
	lb_id = scaleway_lb_beta.lb01.id
	backend_id = scaleway_lb_backend_beta.bkd01.id
	name = "tf-test"
	inbound_port = 80
	timeout_client = "30s"
	acl {
		name = "test-acl"
		action {
			type = "allow"
		}
		match {
			ip_subnet = ["192.168.0.1", "192.168.0.2", "192.168.10.0/24"]
			http_filter = "acl_http_filter_none"
			http_filter_value = ["criteria1","criteria2"]
			invert = "true"
		}
	}
	acl {
		action {
			type = "allow"
		}
		match {
			http_filter = "path_begin"
			http_filter_value = ["criteria1","criteria2"]
			invert = "true"
		}
	}
	acl {
		action {
			type = "allow"
		}
		match {
			http_filter_value = ["criteria1","criteria2"]
		}
	}
	acl {
		action {
			type = "allow"
		}
		match {
			http_filter = "acl_http_filter_none"
			http_filter_value = ["criteria1","criteria2"]
		}
	}
	acl {
		match {
			ip_subnet = ["192.168.0.1", "192.168.0.2", "192.168.10.0/24"]
			http_filter = "acl_http_filter_none"
			http_filter_value = ["criteria1","criteria2"]
			invert = "true"
		}
		action {
			type = "deny"
		}
	}
}

Some considerations:

1. I am still not convinced about action.type. I kept it as subarray to keep it aligned, but it might be easier for customers if it was written like this:

acl {
  action_type = "allow/deny"
}

2. Scaleway provider asks for ip/subnet to be always present, so in case a customer has not passed any I am assuming that they wanted to apply it to every ip and put "0.0.0.0/0" in subnet
   3)if http_filter is empty/acl_http_filter_none, http_filter_value is dropped
3. although the index is supported (and required) on acl, I didn't provided any support for it and rely only on the ordering of rules inside frontend block. This should be much easier to deal with for customers than trying to figure out the final order if the index was supported.

[jerome-quere]

Hey, great work 👏 . I added a few remarks.

@kindermoumoute can you please also have a look?

[alekc]

Thanks @jerome-quere , I will amend pull request. Meanwhile I am having some issues with update tests because I think there is a bug with scaleway api

----------------------------------------------------------
2020/01/16 09:50:44 [DEBUG] creating PUT request on https://api.scaleway.com/lb/v1/regions/fr-par/acls/e8d480b2-eaa6-4161-83b8-3861ff508dda
2020/01/16 09:50:44 [DEBUG] 
--------------- Scaleway SDK REQUEST 27 : ---------------
PUT /lb/v1/regions/fr-par/acls/e8d480b2-eaa6-4161-83b8-3861ff508dda HTTP/1.1
Host: api.scaleway.com
User-Agent: scaleway-sdk-go/v1.0.0-beta.5+dev (go1.13.5; darwin; amd64) terraform-provider/v1.13.0-tftest terraform/0.12.7-sdk
Content-Length: 167
Content-Type: application/json
X-Auth-Token: b0da8138-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Accept-Encoding: gzip

{"name":"test-acl","action":{"type":"allow"},"match":{"ip_subnet":["10.0.0.10"],"http_filter":"path_begin","http_filter_value":["foo","bar"],"invert":false},"index":1}

[DEBUG] PUT https://api.scaleway.com/lb/v1/regions/fr-par/acls/e8d480b2-eaa6-4161-83b8-3861ff508dda
2020/01/16 09:50:44 [DEBUG] 
--------------- Scaleway SDK RESPONSE 27 : ---------------
HTTP/1.1 200 OK
Connection: close
Content-Length: 1887
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
Content-Type: application/json
Date: Thu, 16 Jan 2020 09:50:44 GMT
Server: scaleway_api
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: 0964737b-2479-4536-9b6a-4a6b16d3910f

{
   "id":"e8d480b2-eaa6-4161-83b8-3861ff508dda",
   "name":"test-acl",
   "match":{
      "ip_subnet":[
         "10.0.0.10"
      ],
      "http_filter":"path_begin",
      "http_filter_value":[
         "foo",
         "bar"
      ],
      "invert":true
   },
   "action":{
      "type":"allow"
   },
   "frontend":{
      "id":"68059f5a-8820-4951-95b3-2fd9ef0f6ded",
      "name":"tf-test",
      "inbound_port":80,
      "backend":{
         "id":"f9755ba9-41cb-44d8-9316-4bbf4dd1a469",
         "name":"tf-lb-bkd-recursing-meninsky",
         "forward_protocol":"http",
         "forward_port":80,
         "forward_port_algorithm":"roundrobin",
         "sticky_sessions":"none",
         "sticky_sessions_cookie_name":"",
         "health_check":{
            "port":80,
            "check_delay":60000,
            "check_timeout":30000,
            "check_max_retries":2,
            "tcp_config":{

            }
         },
         "pool":[

         ],
         "lb":{
            "id":"7fb70ab5-2513-4fd5-a51b-836aa61e6316",
            "name":"test-lb-acl",
            "description":"",
            "status":"ready",
            "instances":[

            ],
            "organization_id":"xxx-xxx",
            "ip":[
               {
                  "id":"07674d5e-db50-48e5-ba36-c71f1240b665",
                  "ip_address":"51.159.24.222",
                  "organization_id":"xxx-xxx",
                  "lb_id":"7fb70ab5-2513-4fd5-a51b-836aa61e6316",
                  "reverse":"51-159-24-222.lb.fr-par.scw.cloud",
                  "region":"fr-par"
               }
            ],
            "tags":[

            ],
            "frontend_count":1,
            "backend_count":1,
            "type":"lb-s",
            "subscriber":null,
            "region":"fr-par"
         },
         "send_proxy_v2":false,
         "timeout_server":null,
         "timeout_connect":null,
         "timeout_tunnel":null,
         "on_marked_down_action":"on_marked_down_action_none"
      },
      "lb":{
         "id":"7fb70ab5-2513-4fd5-a51b-836aa61e6316",
         "name":"test-lb-acl",
         "description":"",
         "status":"ready",
         "instances":[

         ],
         "organization_id":"xxx-xxx",
         "ip":[
            {
               "id":"07674d5e-db50-48e5-ba36-c71f1240b665",
               "ip_address":"51.159.24.222",
               "organization_id":"xxx-xxx",
               "lb_id":"7fb70ab5-2513-4fd5-a51b-836aa61e6316",
               "reverse":"51-159-24-222.lb.fr-par.scw.cloud",
               "region":"fr-par"
            }
         ],
         "tags":[

         ],
         "frontend_count":1,
         "backend_count":1,
         "type":"lb-s",
         "subscriber":null,
         "region":"fr-par"
      },
      "timeout_client":30000,
      "certificate":null
   },
   "index":1
}

Notice the invert boolean. I am setting it to false but it's being returned as true from scaleway.

and from api documentation

By default match filter is a IF condition. You can set invert to true to have a unless condition.

[kindermoumoute]

Minor changes

[kindermoumoute]

LGTM

[alekc]

@kindermoumoute or @jerome-quere can you verify if there is indeed a bug with the scaleway api as described in https://github.com/terraform-providers/terraform-provider-scaleway/pull/382#issuecomment-575088706? I don't think there is a public place for those kinds of reports.

[jerome-quere]

The issue has been escalated to the load-balancer team, I'll let you know as soon as we have more information.

[agirot]

@alekc @jerome-quere Fixed ! Sorry about that.

[kindermoumoute]

LGTM

[jerome-quere]

LGTM

[jerome-quere]

👏