feat(lb): add match_subdomains & connection_rate_limit (#2986)

* feat(lb): add match_subdomains & connection_rate_limit

* add doc

Author: yfodil

docs/data-sources/lb_routes.md

@@ -38,5 +38,6 @@ In addition to all arguments above, the following attributes are exported:
     - `backend_id` - The backend ID to redirect to
     - `created_at` - The date on which the route was created (RFC 3339 format).
     - `update_at` - The date on which the route was last updated (RFC 3339 format).
+    - `match_subdomains` - If true, all subdomains will match.
     - `match_sni` - Server Name Indication TLS extension field from an incoming connection made via an SSL/TLS transport layer.
     - `match_host_header` - Specifies the host of the server to which the request is being sent.

docs/resources/lb_frontend.md

@@ -171,6 +171,8 @@ The following arguments are supported:
 
 - `enable_http3` - (Default: `false`) Activates HTTP/3 protocol.
 
+- `connection_rate_limit` - (Optional) The rate limit for new connections established on this frontend. Use 0 value to disable, else value is connections per second.
+
 - `acl` - (Optional) A list of ACL rules to apply to the Load Balancer frontend.  Defined below.
 
 ## acl

docs/resources/lb_route.md

@@ -79,6 +79,7 @@ The following arguments are supported:
 
 - `backend_id` - (Required) The ID of the backend the route is associated with.
 - `frontend_id` - (Required) The ID of the frontend the route is associated with.
+- `match_subdomains` - (Default: `false`) If true, all subdomains will match.
 - `match_sni` - The Server Name Indication (SNI) value to match. Value to match in the Server Name Indication TLS extension (SNI) field from an incoming connection made via an SSL/TLS transport layer.
   Only one of `match_sni` and `match_host_header` should be specified.
 

internal/services/lb/frontend.go

@@ -218,6 +218,11 @@ func ResourceFrontend() *schema.Resource {
 				Optional:    true,
 				Default:     false,
 			},
+			"connection_rate_limit": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Description: "Rate limit for new connections established on this frontend. Use 0 value to disable, else value is connections per second",
+			},
 		},
 	}
 }
@@ -265,13 +270,14 @@ func resourceLbFrontendCreate(ctx context.Context, d *schema.ResourceData, m int
 	}
 
 	createFrontendRequest := &lbSDK.ZonedAPICreateFrontendRequest{
-		Zone:          zone,
-		LBID:          lbID,
-		Name:          types.ExpandOrGenerateString(d.Get("name"), "lb-frt"),
-		InboundPort:   int32(d.Get("inbound_port").(int)),
-		BackendID:     locality.ExpandID(d.Get("backend_id")),
-		TimeoutClient: timeoutClient,
-		EnableHTTP3:   d.Get("enable_http3").(bool),
+		Zone:                zone,
+		LBID:                lbID,
+		Name:                types.ExpandOrGenerateString(d.Get("name"), "lb-frt"),
+		InboundPort:         int32(d.Get("inbound_port").(int)),
+		BackendID:           locality.ExpandID(d.Get("backend_id")),
+		TimeoutClient:       timeoutClient,
+		EnableHTTP3:         d.Get("enable_http3").(bool),
+		ConnectionRateLimit: types.ExpandUint32Ptr(d.Get("connection_rate_limit")),
 	}
 
 	certificatesRaw, certificatesExist := d.GetOk("certificate_ids")
@@ -319,6 +325,7 @@ func resourceLbFrontendRead(ctx context.Context, d *schema.ResourceData, m inter
 	_ = d.Set("inbound_port", int(frontend.InboundPort))
 	_ = d.Set("timeout_client", types.FlattenDuration(frontend.TimeoutClient))
 	_ = d.Set("enable_http3", frontend.EnableHTTP3)
+	_ = d.Set("connection_rate_limit", types.FlattenUint32Ptr(frontend.ConnectionRateLimit))
 
 	if frontend.Certificate != nil { //nolint:staticcheck
 		_ = d.Set("certificate_id", zonal.NewIDString(zone, frontend.Certificate.ID)) //nolint:staticcheck
@@ -474,14 +481,15 @@ func resourceLbFrontendUpdate(ctx context.Context, d *schema.ResourceData, m int
 	}
 
 	req := &lbSDK.ZonedAPIUpdateFrontendRequest{
-		Zone:           zone,
-		FrontendID:     ID,
-		Name:           types.ExpandOrGenerateString(d.Get("name"), "lb-frt"),
-		InboundPort:    int32(d.Get("inbound_port").(int)),
-		BackendID:      locality.ExpandID(d.Get("backend_id")),
-		TimeoutClient:  timeoutClient,
-		CertificateIDs: types.ExpandSliceIDsPtr(d.Get("certificate_ids")),
-		EnableHTTP3:    d.Get("enable_http3").(bool),
+		Zone:                zone,
+		FrontendID:          ID,
+		Name:                types.ExpandOrGenerateString(d.Get("name"), "lb-frt"),
+		InboundPort:         int32(d.Get("inbound_port").(int)),
+		BackendID:           locality.ExpandID(d.Get("backend_id")),
+		TimeoutClient:       timeoutClient,
+		CertificateIDs:      types.ExpandSliceIDsPtr(d.Get("certificate_ids")),
+		EnableHTTP3:         d.Get("enable_http3").(bool),
+		ConnectionRateLimit: types.ExpandUint32Ptr(d.Get("connection_rate_limit")),
 	}
 
 	_, err = lbAPI.UpdateFrontend(req, scw.WithContext(ctx))

internal/services/lb/frontend_test.go

@@ -50,6 +50,7 @@ func TestAccFrontend_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "inbound_port", "80"),
 					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "timeout_client", ""),
 					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "enable_http3", "false"),
+					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "connection_rate_limit", "0"),
 				),
 			},
 			{
@@ -73,6 +74,7 @@ func TestAccFrontend_Basic(t *testing.T) {
 						inbound_port = 443
 						timeout_client = "30s"
 						enable_http3 = true
+						connection_rate_limit = 100
 					}
 				`,
 				Check: resource.ComposeTestCheckFunc(
@@ -81,6 +83,7 @@ func TestAccFrontend_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "inbound_port", "443"),
 					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "timeout_client", "30s"),
 					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "enable_http3", "true"),
+					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01", "connection_rate_limit", "100"),
 				),
 			},
 		},

internal/services/lb/route.go

@@ -55,6 +55,12 @@ func ResourceRoute() *schema.Resource {
 				Description:   "Specifies the host of the server to which the request is being sent",
 				ConflictsWith: []string{"match_sni"},
 			},
+			"match_subdomains": {
+				Type:        schema.TypeBool,
+				Description: "If true, all subdomains will match",
+				Optional:    true,
+				Default:     false,
+			},
 			"created_at": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -94,8 +100,9 @@ func resourceLbRouteCreate(ctx context.Context, d *schema.ResourceData, m interf
 		FrontendID: frontID,
 		BackendID:  backID,
 		Match: &lbSDK.RouteMatch{
-			Sni:        types.ExpandStringPtr(d.Get("match_sni")),
-			HostHeader: types.ExpandStringPtr(d.Get("match_host_header")),
+			Sni:             types.ExpandStringPtr(d.Get("match_sni")),
+			HostHeader:      types.ExpandStringPtr(d.Get("match_host_header")),
+			MatchSubdomains: d.Get("match_subdomains").(bool),
 		},
 	}
 
@@ -133,6 +140,7 @@ func resourceLbRouteRead(ctx context.Context, d *schema.ResourceData, m interfac
 	_ = d.Set("backend_id", zonal.NewIDString(zone, route.BackendID))
 	_ = d.Set("match_sni", types.FlattenStringPtr(route.Match.Sni))
 	_ = d.Set("match_host_header", types.FlattenStringPtr(route.Match.HostHeader))
+	_ = d.Set("match_subdomains", route.Match.MatchSubdomains)
 	_ = d.Set("created_at", types.FlattenTime(route.CreatedAt))
 	_ = d.Set("updated_at", types.FlattenTime(route.UpdatedAt))
 
@@ -159,8 +167,9 @@ func resourceLbRouteUpdate(ctx context.Context, d *schema.ResourceData, m interf
 		RouteID:   ID,
 		BackendID: backID,
 		Match: &lbSDK.RouteMatch{
-			Sni:        types.ExpandStringPtr(d.Get("match_sni")),
-			HostHeader: types.ExpandStringPtr(d.Get("match_host_header")),
+			Sni:             types.ExpandStringPtr(d.Get("match_sni")),
+			HostHeader:      types.ExpandStringPtr(d.Get("match_host_header")),
+			MatchSubdomains: d.Get("match_subdomains").(bool),
 		},
 	}
 

internal/services/lb/route_test.go

@@ -48,6 +48,41 @@ func TestAccRoute_WithSNI(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					isRoutePresent(tt, "scaleway_lb_route.rt01"),
 					resource.TestCheckResourceAttr("scaleway_lb_route.rt01", "match_sni", "sni.scaleway.com"),
+					resource.TestCheckResourceAttr("scaleway_lb_route.rt01", "match_subdomains", "false"),
+					resource.TestCheckResourceAttrSet("scaleway_lb_route.rt01", "created_at"),
+					resource.TestCheckResourceAttrSet("scaleway_lb_route.rt01", "updated_at"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_lb_ip ip01 {}
+					resource scaleway_lb lb01 {
+						ip_id = scaleway_lb_ip.ip01.id
+						name = "test-lb"
+						type = "lb-s"
+					}
+					resource scaleway_lb_backend bkd01 {
+						lb_id = scaleway_lb.lb01.id
+						forward_protocol = "tcp"
+						forward_port = 80
+						proxy_protocol = "none"
+					}
+					resource scaleway_lb_frontend frt01 {
+						lb_id = scaleway_lb.lb01.id
+						backend_id = scaleway_lb_backend.bkd01.id
+						inbound_port = 80
+					}
+					resource scaleway_lb_route rt01 {
+						frontend_id = scaleway_lb_frontend.frt01.id
+						backend_id = scaleway_lb_backend.bkd01.id
+						match_sni = "sni.scaleway.com"
+						match_subdomains = true
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isRoutePresent(tt, "scaleway_lb_route.rt01"),
+					resource.TestCheckResourceAttr("scaleway_lb_route.rt01", "match_sni", "sni.scaleway.com"),
+					resource.TestCheckResourceAttr("scaleway_lb_route.rt01", "match_subdomains", "true"),
 					resource.TestCheckResourceAttrSet("scaleway_lb_route.rt01", "created_at"),
 					resource.TestCheckResourceAttrSet("scaleway_lb_route.rt01", "updated_at"),
 				),

internal/services/lb/routes_data_source.go

@@ -46,6 +46,10 @@ func DataSourceRoutes() *schema.Resource {
 							Computed: true,
 							Type:     schema.TypeString,
 						},
+						"match_subdomains": {
+							Computed: true,
+							Type:     schema.TypeBool,
+						},
 						"created_at": {
 							Computed: true,
 							Type:     schema.TypeString,
@@ -94,6 +98,7 @@ func DataSourceLbRoutesRead(ctx context.Context, d *schema.ResourceData, m inter
 		rawRoute["update_at"] = types.FlattenTime(route.UpdatedAt)
 		rawRoute["match_sni"] = types.FlattenStringPtr(route.Match.Sni)
 		rawRoute["match_host_header"] = types.FlattenStringPtr(route.Match.HostHeader)
+		rawRoute["match_subdomains"] = route.Match.MatchSubdomains
 
 		routes = append(routes, rawRoute)
 	}