fix(lb): handle support for valid custom certificates (scaleway#971)

* fix(k8s): cassette * feat(lb): create-certificate script to wrap the ACME client on letsencrypt and scaleway provider * feat(lb): add wait to certificate creation * feat(lb): remove custom test on lb * feat(lb): remove .lego directory * feat(lb): remove custom certificate cassette * feat(lb): add new certificate test * feat(lb): update cassette
clement-gilbert · Dec 21, 2021 · 5c81757 · 5c81757
1 parent 2acdb2b
commit 5c81757
Show file tree

Hide file tree

Showing 5 changed files with 1,532 additions and 323 deletions.
diff --git a/.gitignore b/.gitignore
@@ -37,3 +37,6 @@ website/vendor
 dist/
 
 terraform-provider-scaleway
+
+# Lego ACME client
+.lego/
diff --git a/scaleway/resource_lb_certificate.go b/scaleway/resource_lb_certificate.go
@@ -140,11 +140,33 @@ func resourceScalewayLbCertificateCreate(ctx context.Context, d *schema.Resource
 		return diag.FromErr(errors.New("you need to define either letsencrypt or custom_certificate configuration"))
 	}
 
+	retryInterval := DefaultWaitLBRetryInterval
+	_, err = lbAPI.WaitForLb(&lb.ZonedAPIWaitForLBRequest{
+		Zone:          zone,
+		LBID:          lbID,
+		Timeout:       scw.TimeDurationPtr(defaultInstanceServerWaitTimeout),
+		RetryInterval: &retryInterval,
+	}, scw.WithContext(ctx))
+	// check err waiting process
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	res, err := lbAPI.CreateCertificate(createReq, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
 	}
 
+	_, err = lbAPI.WaitForLb(&lb.ZonedAPIWaitForLBRequest{
+		Zone:          zone,
+		LBID:          lbID,
+		Timeout:       scw.TimeDurationPtr(defaultInstanceServerWaitTimeout),
+		RetryInterval: &retryInterval,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	d.SetId(newZonedIDString(zone, res.ID))
 
 	return resourceScalewayLbCertificateRead(ctx, d, meta)
@@ -169,6 +191,17 @@ func resourceScalewayLbCertificateRead(ctx context.Context, d *schema.ResourceDa
 		return diag.FromErr(err)
 	}
 
+	retryInterval := DefaultWaitLBRetryInterval
+	_, err = lbAPI.WaitForLb(&lb.ZonedAPIWaitForLBRequest{
+		Zone:          zone,
+		LBID:          res.LB.ID,
+		Timeout:       scw.TimeDurationPtr(defaultInstanceServerWaitTimeout),
+		RetryInterval: &retryInterval,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	_ = d.Set("lb_id", newZonedIDString(zone, res.LB.ID))
 	_ = d.Set("name", res.Name)
 	_ = d.Set("common_name", res.CommonName)
@@ -186,6 +219,25 @@ func resourceScalewayLbCertificateUpdate(ctx context.Context, d *schema.Resource
 		return diag.FromErr(err)
 	}
 
+	cert, err := lbAPI.GetCertificate(&lb.ZonedAPIGetCertificateRequest{
+		CertificateID: ID,
+		Zone:          zone,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	retryInterval := DefaultWaitLBRetryInterval
+	_, err = lbAPI.WaitForLb(&lb.ZonedAPIWaitForLBRequest{
+		Zone:          zone,
+		LBID:          cert.LB.ID,
+		Timeout:       scw.TimeDurationPtr(defaultInstanceServerWaitTimeout),
+		RetryInterval: &retryInterval,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	req := &lb.ZonedAPIUpdateCertificateRequest{
 		CertificateID: ID,
 		Zone:          zone,
@@ -197,6 +249,16 @@ func resourceScalewayLbCertificateUpdate(ctx context.Context, d *schema.Resource
 		return diag.FromErr(err)
 	}
 
+	_, err = lbAPI.WaitForLb(&lb.ZonedAPIWaitForLBRequest{
+		Zone:          zone,
+		LBID:          cert.LB.ID,
+		Timeout:       scw.TimeDurationPtr(defaultInstanceServerWaitTimeout),
+		RetryInterval: &retryInterval,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	return resourceScalewayLbCertificateRead(ctx, d, meta)
 }
 
@@ -206,14 +268,42 @@ func resourceScalewayLbCertificateDelete(ctx context.Context, d *schema.Resource
 		return diag.FromErr(err)
 	}
 
+	cert, err := lbAPI.GetCertificate(&lb.ZonedAPIGetCertificateRequest{
+		CertificateID: ID,
+		Zone:          zone,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	retryInterval := DefaultWaitLBRetryInterval
+	_, err = lbAPI.WaitForLb(&lb.ZonedAPIWaitForLBRequest{
+		Zone:          zone,
+		LBID:          cert.LB.ID,
+		Timeout:       scw.TimeDurationPtr(defaultInstanceServerWaitTimeout),
+		RetryInterval: &retryInterval,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	err = lbAPI.DeleteCertificate(&lb.ZonedAPIDeleteCertificateRequest{
 		Zone:          zone,
 		CertificateID: ID,
 	}, scw.WithContext(ctx))
-
 	if err != nil && !is404Error(err) {
 		return diag.FromErr(err)
 	}
 
+	_, err = lbAPI.WaitForLb(&lb.ZonedAPIWaitForLBRequest{
+		Zone:          zone,
+		LBID:          cert.LB.ID,
+		Timeout:       scw.TimeDurationPtr(defaultInstanceServerWaitTimeout),
+		RetryInterval: &retryInterval,
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	return nil
 }
diff --git a/scaleway/resource_lb_certificate_test.go b/scaleway/resource_lb_certificate_test.go
@@ -114,26 +114,97 @@ func TestAccScalewayLbCertificate_Basic(t *testing.T) {
 					  	custom_certificate {
 							certificate_chain = <<EOF
 -----BEGIN CERTIFICATE-----
-MIIDXzCCAkegAwIBAgIUCQTOZjf11LGYmvGVw7xxWurGFgMwDQYJKoZIhvcNAQEL
-BQAwSDELMAkGA1UEBhMCRlIxDjAMBgNVBAcMBVBhcmlzMREwDwYDVQQKDAhTY2Fs
-ZXdhdTEWMBQGA1UEAwwNKi5leGFtcGxlLmNvbTAeFw0yMDA0MjgxNzQ2MzFaFw0y
-MjA0MjgxNzQ2MzFaMEgxCzAJBgNVBAYTAkZSMQ4wDAYDVQQHDAVQYXJpczERMA8G
-A1UECgwIU2NhbGV3YXUxFjAUBgNVBAMMDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCws8az+MXTtmNKN66Bl2HmlkAxazMcK9eG
-rmU5jOs3nNZevjn4FhQClVt2mOX7G37b32wpLyt5MUYGg+Ac95fL5zx9nwp57YBx
-NteGYIUpLTD2tb3aKuuIM+eSFkRabOsN1cqwqtMK8pW1YA48olhrunxW82SrMKUw
-cFN508wochbeupkk6nG3K29+1Uhwzr9B93xVQ5FQZKSvj5fuC3OIWJitpVyWlGBx
-pdoTq6T5W3H0odCNoUx8U0nKjOtcPoupe4ZAHL5VEmKi/PaNn4Wpjf0e6KSQv2ld
-WjCyaxSMpVpDSIsGPwy1symPV5Vk586Oexy2A5DIMlLRhGqAR9VbAgMBAAGjQTA/
-MA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDATAYBgNVHREEETAP
-gg0qLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQACL1iY9Az8VQM4sOKS
-NYYenvlzGalfQGrNh76DD5edv+0a5YQhWiVXoig0BIwPrsEGR1D4epH4Hrp9Uw56
-5Pln7kpZmcr3rm5WNxYLVBp7uTbAuFAiZZqLKPp7n3eay5AYjGYNa0DEvm0PijF3
-YqpCulrHYNFi0kxwNuoyJ6lORWjbCchxW14zB65hM1nLC4iXUtMF1cin1oOTtRKg
-7o6bLtz7BSdkZE/VSpEg17KO0bR9NWraBby08sf5QcPWrzYYyeoCoR9jC3a2ifUP
-XlnKjeabTGw/NxayLLRJLu5+dJuPodHm/I1Uwl1QWSbh4d1FQBX436mK41zMZhg0
-hUVl
+MIIEeDCCA2CgAwIBAgISA+78x4/3radnfUGMWDp4jLA+MA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMTEyMjAxMzU1MDlaFw0yMjAzMjAxMzU1MDhaMCkxJzAlBgNVBAMT
+HnN0YWdpbmcuc2NhbGV3YXktdGVycmFmb3JtLmNvbTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABPqtv8kzJW2QI3LG93ScS13SSm5SIJI2uAoIhny4Lj06g05ff7mM
+gmd+XgID6OmWOB+Paso3Udq6hccEUN/URlKjggJaMIICVjAOBgNVHQ8BAf8EBAMC
+B4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
+HQYDVR0OBBYEFJvpLZyegSLA1uGb1o2QvthXFb+OMB8GA1UdIwQYMBaAFBQusxe3
+WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0
+cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5j
+ci5vcmcvMCkGA1UdEQQiMCCCHnN0YWdpbmcuc2NhbGV3YXktdGVycmFmb3JtLmNv
+bTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUF
+BwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIE
+gfYEgfMA8QB2AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfdhW
+1YQAAAQDAEcwRQIgIFwFx6ihGAbrAGEtXsncJB2JGg899FAuQIS4tar08UgCIQCY
+xmuSCme644NT4cq1HQYaO0EX0FvIgXRGULciNzsoGwB3AEalVet1+pEgMLWiiWn0
+830RLEF0vv1JuIWr8vxw/m1HAAABfdhW1awAAAQDAEgwRgIhAKkjKvUYsQqqn1rI
+z/I9ryz3hwUBIrnh33kCAthLXXwNAiEAhM7UwVoljG5UK9g+QxckiL9sWn+W+z+8
+YLoJJQhrKbwwDQYJKoZIhvcNAQELBQADggEBAKbLFTFyWyXkfPqI0x4Z2I7PHXH4
+w7J5E1fqVLyg3rIojCSzwsYzbOhVEjZ5CK8W3LKbG9s/kOBqmoNgoGgT4thZg4Ks
+uZz9am4AeKWz0z6SjUgqLt53UCIj5VbefccOkuuqPa0l5sCAo3gCeV9BfwHmAg3m
+zPkjEfqNkEzot3tei/M4RRDn7caURghxbOG9tm8c1aCe/gsq0G0j1KRM8zwXCDQ2
+nKzB5TIJsAHKlIkUfyheK+xG+B4F2f5mfdY4l4a/mQH4+nLcWdMly1DzHMrdyC8c
+6m2o9DBaRsXON54j8Fdgct/C5P3r0IjK6ne2PEiLhi/WYFiw60/sNjQHKsQ=
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEII45PLJDlsxyXYk55ladXnPUQOwYphEOy3Z3qlt5EoRBoAoGCCqGSM49
+AwEHoUQDQgAE+q2/yTMlbZAjcsb3dJxLXdJKblIgkja4CgiGfLguPTqDTl9/uYyC
+Z35eAgPo6ZY4H49qyjdR2rqFxwRQ39RGUg==
+-----END EC PRIVATE KEY-----
 EOF
 					  	}
 					}
-Original file line number
+Diff line change
@@ Expand Up / @@ -37,3 +37,6 @@ website/vendor @@
     dist/
     terraform-provider-scaleway
+    # Lego ACME client
+    .lego/