feat: Add 'sni_mode' for CDN resource/DS (#690)

* feat: Add 'sni_mode' for CDN resource/DS

* doc: Modify CHANGELOG.md

* refactor: Upgrade version for sdk-go-bundle/products/cdn/v2

CHANGELOG.md

@@ -1,4 +1,6 @@
-## 6.5.9 - upcoming release
+## 6.5.9
+### Features
+  - Add new, required `sni_mode` attribute for `ionoscloud_cdn_distribution` resource and data source
 ### Documentation
   - Add `FAQ` section in `README.md`, add information about IP retrieval for `NIC`s
 
@@ -9,6 +11,7 @@
   - Remove `image_alias` from `ionocloud_volume` data source and resource docs
 ### Fixes
   - Allow empty `prefix` for bucket lifecycle configuration rules
+
 ## 6.5.7
 ### Fixes
   - Fix documentation rendering of `autoscaling_group` resource and data source, `dbaas_mongo_template` data source and `server_boot_device_selection` resource in Terraform registry

docs/data-sources/cdn_distribution.md

@@ -59,6 +59,7 @@ The following attributes are returned by the datasource:
         * `host` - The upstream host that handles the requests if not already cached. This host will be protected by the WAF if the option is enabled.
         * `caching` - Enable or disable caching. If enabled, the CDN will cache the responses from the upstream host. Subsequent requests for the same resource will be served from the cache.
         * `waf` - Enable or disable WAF to protect the upstream host.
+        * `sni_mode` - The SNI (Server Name Indication) mode of the upstream. It supports two modes: 1) `distribution`: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured domain of the CDN distribution; 2) `origin`: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured upstream/origin hostname.
         * `rate_limit_class` - Rate limit class that will be applied to limit the number of incoming requests per IP.
         * `geo_restrictions` - A map of geo_restrictions
             * `allow_list` - List of allowed countries

docs/resources/cdn_distribution.md

@@ -25,6 +25,7 @@ resource "ionoscloud_cdn_distribution" "example" {
       host                = "server.example.com"
       caching             = true
       waf                 = true
+      sni_mode            = "distribution"
       rate_limit_class    = "R500"
       geo_restrictions {
         allow_list = [ "CN", "RU"]
@@ -38,6 +39,7 @@ resource "ionoscloud_cdn_distribution" "example" {
       host                = "server2.example.com"
       caching             = false
       waf                 = false
+      sni_mode            = "origin"
       rate_limit_class    = "R10"
       geo_restrictions {
         block_list = [ "CN", "RU"]
@@ -68,6 +70,7 @@ The following arguments are supported:
         * `host` - (Required)[string] The upstream host that handles the requests if not already cached. This host will be protected by the WAF if the option is enabled.
         * `caching` - (Required)[bool] Enable or disable caching. If enabled, the CDN will cache the responses from the upstream host. Subsequent requests for the same resource will be served from the cache.
         * `waf` - (Required)[bool] Enable or disable WAF to protect the upstream host.
+        * `sni_mode` - (Required)[string] The SNI (Server Name Indication) mode of the upstream. It supports two modes: 1) `distribution`: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured domain of the CDN distribution; 2) `origin`: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured upstream/origin hostname.
         * `rate_limit_class` - (Required)[string] Rate limit class that will be applied to limit the number of incoming requests per IP.
         * `geo_restrictions` - (Optional)[map] - A map of geo_restrictions
             * `allow_list` - (Optional)[string] List of allowed countries

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/huandu/xstrings v1.5.0
 	github.com/iancoleman/strcase v0.3.0
 	github.com/ionos-cloud/sdk-go-api-gateway v1.0.0
-	github.com/ionos-cloud/sdk-go-bundle/products/cdn/v2 v2.0.1
+	github.com/ionos-cloud/sdk-go-bundle/products/cdn/v2 v2.1.0
 	github.com/ionos-cloud/sdk-go-bundle/products/logging/v2 v2.1.1
 	github.com/ionos-cloud/sdk-go-bundle/products/vpn/v2 v2.0.1
 	github.com/ionos-cloud/sdk-go-bundle/shared v0.1.1

go.sum

@@ -114,8 +114,8 @@ github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSAS
 github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ionos-cloud/sdk-go-api-gateway v1.0.0 h1:T+JzarV1Iw7NjWQfEuv5bESnHoCLOMpPtbcKC4T5Uzk=
 github.com/ionos-cloud/sdk-go-api-gateway v1.0.0/go.mod h1:TkSlamP+qKRT8cgBaZEN8rawanVluOR0dXbXXdmmwTY=
-github.com/ionos-cloud/sdk-go-bundle/products/cdn/v2 v2.0.1 h1:tl9kZwY1+7nW7fFDTlV0wdNts8dbyupN/PvrgArgHZg=
-github.com/ionos-cloud/sdk-go-bundle/products/cdn/v2 v2.0.1/go.mod h1:nd6z+U8wGfqtgR3Ck8mQ5b1FJty0oaQIQPkmVARuYbE=
+github.com/ionos-cloud/sdk-go-bundle/products/cdn/v2 v2.1.0 h1:8fRICa4i+GJHrCgnLe8t3uwfahkg7pcDDwoLkH3B2Xc=
+github.com/ionos-cloud/sdk-go-bundle/products/cdn/v2 v2.1.0/go.mod h1:BF6R+j1GdJEMImxkeh32qjIVWqsBfgi6VgyfsY5ezIA=
 github.com/ionos-cloud/sdk-go-bundle/products/logging/v2 v2.1.1 h1:GXxdNKl7haQnHO1QewZeXazur5+LDCpHqvP+nNObGaA=
 github.com/ionos-cloud/sdk-go-bundle/products/logging/v2 v2.1.1/go.mod h1:N0ifRq3ENqGg6qht1WPrVgSkcavPS5SRWlNfkHUZbfQ=
 github.com/ionos-cloud/sdk-go-bundle/products/vpn/v2 v2.0.1 h1:/CO5Y+21l9m8tkW/N/SXX6TIgJKBfEvNQ+I08GjxASU=

ionoscloud/data_source_cdn_distribution.go

@@ -90,6 +90,11 @@ func dataSourceCDNDistribution() *schema.Resource {
 										Description: "Enable or disable WAF to protect the upstream host.",
 										Computed:    true,
 									},
+									"sni_mode": {
+										Type:        schema.TypeString,
+										Description: "The SNI (Server Name Indication) mode of the upstream host. It supports two modes: 'distribution' and 'origin', for more information about these modes please check the data source docs.",
+										Computed:    true,
+									},
 									"geo_restrictions": {
 										Type:     schema.TypeList,
 										Computed: true,

ionoscloud/resource_cdn_distribution.go

@@ -91,6 +91,11 @@ func resourceCDNDistribution() *schema.Resource {
 										Description: "Enable or disable WAF to protect the upstream host.",
 										Required:    true,
 									},
+									"sni_mode": {
+										Type:        schema.TypeString,
+										Description: "The SNI (Server Name Indication) mode of the upstream host. It supports two modes: 'distribution' and 'origin', for more information about these modes please check the resource docs.",
+										Required:    true,
+									},
 									"geo_restrictions": {
 										Type:     schema.TypeList,
 										Optional: true,

ionoscloud/resource_cdn_distribution_test.go

@@ -37,6 +37,7 @@ func TestAccDistributionBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.host", "server.example.com"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.caching", "true"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.waf", "true"),
+					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.sni_mode", "distribution"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.rate_limit_class", "R100"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "certificate_id", ""),
 					resource.TestCheckNoResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.geo_restrictions.#"),
@@ -51,6 +52,7 @@ func TestAccDistributionBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.prefix", "/api"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.host", "server.example.com"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.caching", "true"),
+					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.sni_mode", "distribution"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.waf", "true"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.rate_limit_class", "R100"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.geo_restrictions.0.allow_list.0", "RO"),
@@ -70,6 +72,7 @@ func TestAccDistributionBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.host", "server.example.com"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.caching", "true"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.waf", "true"),
+					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.sni_mode", "distribution"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.rate_limit_class", "R100"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.geo_restrictions.0.allow_list.0", "RO"),
 				),
@@ -88,6 +91,7 @@ func TestAccDistributionBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.caching", "true"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.waf", "true"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.rate_limit_class", "R100"),
+					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.sni_mode", "distribution"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.geo_restrictions.0.allow_list.0", "RO"),
 				),
 			},
@@ -104,13 +108,15 @@ func TestAccDistributionBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.prefix", "/api2"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.host", "server.server.example.com"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.caching", "false"),
+					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.sni_mode", "origin"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.waf", "true"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.rate_limit_class", "R10"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.0.upstream.0.geo_restrictions.0.block_list.0", "RO"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.scheme", "https"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.prefix", "/api3"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.upstream.0.host", "server2.example.com"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.upstream.0.caching", "true"),
+					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.upstream.0.sni_mode", "origin"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.upstream.0.waf", "false"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.upstream.0.rate_limit_class", "R100"),
 					resource.TestCheckResourceAttr(constant.CDNDistributionResource+"."+constant.CDNDistributionTestResource, "routing_rules.1.upstream.0.geo_restrictions.0.allow_list.0", "CN"),
@@ -222,6 +228,7 @@ EOT
 			caching          = false
 			waf              = true
 			rate_limit_class = "R10"
+			sni_mode 		 = "origin"
 			geo_restrictions {
 				block_list = [ "RO"]
 			}
@@ -235,6 +242,7 @@ EOT
 			caching          = true
 			waf              = false
 			rate_limit_class = "R100"
+			sni_mode 		 = "origin"
 			geo_restrictions {
 				allow_list = [ "CN", "RU"]
 			}

ionoscloud/test_constants.go

@@ -1686,6 +1686,7 @@ const testAccCheckCDNDistributionConfigOnlyRequired = `resource ` + constant.CDN
 			host             = "server.example.com"
 			caching          = true
 			waf              = true
+			sni_mode		 = "distribution"
 			rate_limit_class = "R100"
 		}
 	}
@@ -1700,6 +1701,7 @@ const testAccCheckCDNDistributionConfigBasic = `resource ` + constant.CDNDistrib
 			host             = "server.example.com"
 			caching          = true
 			waf              = true
+			sni_mode		 = "distribution"
 			rate_limit_class = "R100"
 			geo_restrictions {
 				allow_list = [ "RO"]
@@ -1718,6 +1720,7 @@ const testAccCheckCDNDistributionConfigBasicImport = `resource ` + constant.CDND
 			caching          = true
 			waf              = true
 			rate_limit_class = "R100"
+			sni_mode		 = "distribution"
 			geo_restrictions {
 				allow_list = [ "RO"]
 			}

services/cdn/distributions.go

@@ -56,6 +56,7 @@ func SetDistributionData(d *schema.ResourceData, distribution cdn.Distribution)
 			upstreamEntry["caching"] = rule.Upstream.Caching
 			upstreamEntry["waf"] = rule.Upstream.Waf
 			upstreamEntry["host"] = rule.Upstream.Host
+			upstreamEntry["sni_mode"] = rule.Upstream.SniMode
 			upstreamEntry["rate_limit_class"] = rule.Upstream.RateLimitClass
 			if rule.Upstream.GeoRestrictions != nil {
 				geoRestrictionsEntry := make(map[string]interface{})
@@ -110,7 +111,9 @@ func GetRoutingRulesData(d *schema.ResourceData) (*[]cdn.RoutingRule, error) {
 			if waf, wafOk := d.GetOkExists(fmt.Sprintf("routing_rules.%d.upstream.0.waf", routingRuleIndex)); wafOk { //nolint:staticcheck
 				routingRule.Upstream.Waf = waf.(bool)
 			}
-
+			if sniMode, sniModeOk := d.GetOk(fmt.Sprintf("routing_rules.%d.upstream.0.sni_mode", routingRuleIndex)); sniModeOk {
+				routingRule.Upstream.SniMode = sniMode.(string)
+			}
 			if _, geoRestrictionsOk := d.GetOk(fmt.Sprintf("routing_rules.%d.upstream.0.geo_restrictions", routingRuleIndex)); geoRestrictionsOk {
 				routingRule.Upstream.GeoRestrictions = &cdn.UpstreamGeoRestrictions{}
 				if allowList, allowListOk := d.GetOk(fmt.Sprintf("routing_rules.%d.upstream.0.geo_restrictions.0.allow_list", routingRuleIndex)); allowListOk {