Merge pull request #21 from olljanat/support-sslprofile-setting

Sslprofile support for lbvserver and csvserver

README.md

@@ -84,6 +84,7 @@ resource "netscaler_lbvserver" "foo" {
   lbmethod = "ROUNDROBIN"
   persistencetype = "COOKIEINSERT"
   sslcertkey = "${netscaler_sslcertkey.foo.certkey}"
+  sslprofile = "ns_default_ssl_profile_secure_frontend"
 }
 ```
 
@@ -129,6 +130,7 @@ resource "netscaler_csvserver" "foo" {
   ipv46 = "10.71.139.151"
   servicetype = "SSL"
   port = 443
+  sslprofile = "ns_default_ssl_profile_secure_frontend"
 }
 ```
 

examples/content_switch_ssl_lb_mon/resources.tf

@@ -13,6 +13,7 @@ resource "netscaler_csvserver" "generic_cs" {
   port = "${lookup(var.lb_config, "port")}"
   servicetype = "${lookup(var.lb_config, "servicetype")}"
   sslcertkey = "${netscaler_sslcertkey.generic-cert.certkey}"
+  sslprofile = "ns_default_ssl_profile_secure_frontend"
 }
 
 resource "netscaler_cspolicy" "cart" {

examples/ssl_lb_monitors/resources.tf

@@ -15,6 +15,7 @@ resource "netscaler_lbvserver" "generic_lb" {
   persistencetype = "COOKIEINSERT"
   servicetype = "${lookup(var.lb_config, "servicetype")}"
   sslcertkey = "${netscaler_sslcertkey.generic-cert.certkey}"
+  sslprofile = "ns_default_ssl_profile_secure_frontend"
 }
 
 

netscaler/resource_csvserver.go

@@ -284,6 +284,10 @@ func resourceNetScalerCsvserver() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"sslprofile": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -383,6 +387,25 @@ func createCsvserverFunc(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
+	sslprofile, spok := d.GetOk("sslprofile")
+	if spok { //ssl profile is specified
+		sslvserver := ssl.Sslvserver{
+			Vservername: csvserverName,
+			Sslprofile:  sslprofile.(string),
+		}
+		log.Printf("[INFO] netscaler-provider:  Binding ssl profile %s to csvserver %s", sslprofile, csvserverName)
+		_, err := client.UpdateResource(netscaler.Sslvserver.Type(), csvserverName, &sslvserver)
+		if err != nil {
+			log.Printf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to csvserver %s", sslprofile, csvserverName)
+			err2 := client.DeleteResource(netscaler.Csvserver.Type(), csvserverName)
+			if err2 != nil {
+				log.Printf("[ERROR] netscaler-provider:  Failed to delete csvserver %s after bind to ssl profile failed", csvserverName)
+				return fmt.Errorf("[ERROR] netscaler-provider:  Failed to delete csvserver %s after bind to ssl profile failed", csvserverName)
+			}
+			return fmt.Errorf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to csvserver %s", sslprofile, csvserverName)
+		}
+	}
+
 	d.SetId(csvserverName)
 
 	err = readCsvserverFunc(d, meta)
@@ -473,6 +496,9 @@ func readCsvserverFunc(d *schema.ResourceData, meta interface{}) error {
 	}
 	d.Set("sslcertkey", boundCert)
 
+	dataSsl, _ := client.FindResource(netscaler.Sslvserver.Type(), csvserverName)
+	d.Set("sslprofile", dataSsl["sslprofile"])
+
 	return nil
 
 }
@@ -487,6 +513,7 @@ func updateCsvserverFunc(d *schema.ResourceData, meta interface{}) error {
 	}
 	hasChange := false
 	sslcertkeyChanged := false
+	sslprofileChanged := false
 	if d.HasChange("appflowlog") {
 		log.Printf("[DEBUG] netscaler-provider:  Appflowlog has changed for csvserver %s, starting update", csvserverName)
 		csvserver.Appflowlog = d.Get("appflowlog").(string)
@@ -751,6 +778,10 @@ func updateCsvserverFunc(d *schema.ResourceData, meta interface{}) error {
 		log.Printf("[DEBUG] netscaler-provider:  ssl certkey has changed for csvserver %s, starting update", csvserverName)
 		sslcertkeyChanged = true
 	}
+	if d.HasChange("sslprofile") {
+		log.Printf("[DEBUG] netscaler-provider:  ssl profile has changed for csvserver %s, starting update", csvserverName)
+		sslprofileChanged = true
+	}
 
 	sslcertkey := d.Get("sslcertkey")
 	sslcertkeyName := sslcertkey.(string)
@@ -792,6 +823,34 @@ func updateCsvserverFunc(d *schema.ResourceData, meta interface{}) error {
 		log.Printf("[DEBUG] netscaler-provider: new ssl cert has been bound to csvserver  sslcertkey %s csvserver %s", sslcertkeyName, csvserverName)
 	}
 
+	sslprofile := d.Get("sslprofile")
+	if sslprofileChanged {
+		sslprofileName := sslprofile.(string)
+
+		if sslprofileName == "" {
+			sslvserver := ssl.Sslvserver{
+				Vservername: csvserverName,
+				Sslprofile:  "true",
+			}
+			err := client.ActOnResource(netscaler.Sslvserver.Type(), &sslvserver, "unset")
+			if err != nil {
+				return fmt.Errorf("[ERROR] netscaler-provider: Error unbinding ssl profile from csvserver %s", csvserverName)
+			}
+		} else {
+			sslvserver := ssl.Sslvserver{
+				Vservername: csvserverName,
+				Sslprofile:  sslprofileName,
+			}
+			log.Printf("[INFO] netscaler-provider:  Binding ssl profile %s to csvserver %s", sslprofileName, csvserverName)
+			_, err := client.UpdateResource(netscaler.Sslvserver.Type(), csvserverName, &sslvserver)
+			if err != nil {
+				log.Printf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to csvserver %s", sslprofileName, csvserverName)
+				return fmt.Errorf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to csvserver %s", sslprofileName, csvserverName)
+			}
+			log.Printf("[DEBUG] netscaler-provider: new ssl profile has been bound to csvserver  sslprofile %s csvserver %s", sslprofileName, csvserverName)
+		}
+	}
+
 	return readCsvserverFunc(d, meta)
 }
 

netscaler/resource_lbvserver.go

@@ -449,6 +449,10 @@ func resourceNetScalerLbvserver() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"sslprofile": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -582,6 +586,25 @@ func createLbvserverFunc(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
+	sslprofile, spok := d.GetOk("sslprofile")
+	if spok { //ssl profile is specified
+		sslvserver := ssl.Sslvserver{
+			Vservername: lbvserverName,
+			Sslprofile:  sslprofile.(string),
+		}
+		log.Printf("[INFO] netscaler-provider:  Binding ssl profile %s to lbvserver %s", sslprofile, lbvserverName)
+		_, err := client.UpdateResource(netscaler.Sslvserver.Type(), lbvserverName, &sslvserver)
+		if err != nil {
+			log.Printf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to lbvserver %s", sslprofile, lbvserverName)
+			err2 := client.DeleteResource(netscaler.Lbvserver.Type(), lbvserverName)
+			if err2 != nil {
+				log.Printf("[ERROR] netscaler-provider:  Failed to delete lbvserver %s after bind to ssl profile failed", lbvserverName)
+				return fmt.Errorf("[ERROR] netscaler-provider:  Failed to delete lbvserver %s after bind to ssl profile failed", lbvserverName)
+			}
+			return fmt.Errorf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to lbvserver %s", sslprofile, lbvserverName)
+		}
+	}
+
 	d.SetId(lbvserverName)
 
 	err = readLbvserverFunc(d, meta)
@@ -705,6 +728,9 @@ func readLbvserverFunc(d *schema.ResourceData, meta interface{}) error {
 	}
 	d.Set("sslcertkey", boundCert)
 
+	dataSsl, _ := client.FindResource(netscaler.Sslvserver.Type(), lbvserverName)
+	d.Set("sslprofile", dataSsl["sslprofile"])
+
 	return nil
 
 }
@@ -719,6 +745,7 @@ func updateLbvserverFunc(d *schema.ResourceData, meta interface{}) error {
 	}
 	hasChange := false
 	sslcertkeyChanged := false
+	sslprofileChanged := false
 	if d.HasChange("appflowlog") {
 		log.Printf("[DEBUG] netscaler-provider:  Appflowlog has changed for lbvserver %s, starting update", lbvserverName)
 		lbvserver.Appflowlog = d.Get("appflowlog").(string)
@@ -1148,6 +1175,10 @@ func updateLbvserverFunc(d *schema.ResourceData, meta interface{}) error {
 		log.Printf("[DEBUG] netscaler-provider:  ssl certkey has changed for lbvserver %s, starting update", lbvserverName)
 		sslcertkeyChanged = true
 	}
+	if d.HasChange("sslprofile") {
+		log.Printf("[DEBUG] netscaler-provider:  ssl profile has changed for lbvserver %s, starting update", lbvserverName)
+		sslprofileChanged = true
+	}
 
 	sslcertkey := d.Get("sslcertkey")
 	sslcertkeyName := sslcertkey.(string)
@@ -1188,6 +1219,34 @@ func updateLbvserverFunc(d *schema.ResourceData, meta interface{}) error {
 		}
 		log.Printf("[DEBUG] netscaler-provider: new ssl cert has been bound to lbvserver  sslcertkey %s lbvserver %s", sslcertkeyName, lbvserverName)
 	}
+
+	sslprofile := d.Get("sslprofile")
+	if sslprofileChanged {
+		sslprofileName := sslprofile.(string)
+
+		if sslprofileName == "" {
+			sslvserver := ssl.Sslvserver{
+				Vservername: lbvserverName,
+				Sslprofile:  "true",
+			}
+			err := client.ActOnResource(netscaler.Sslvserver.Type(), &sslvserver, "unset")
+			if err != nil {
+				return fmt.Errorf("[ERROR] netscaler-provider: Error unbinding ssl profile from lbvserver %s", lbvserverName)
+			}
+		} else {
+			sslvserver := ssl.Sslvserver{
+				Vservername: lbvserverName,
+				Sslprofile:  sslprofileName,
+			}
+			log.Printf("[INFO] netscaler-provider:  Binding ssl profile %s to lbvserver %s", sslprofileName, lbvserverName)
+			_, err := client.UpdateResource(netscaler.Sslvserver.Type(), lbvserverName, &sslvserver)
+			if err != nil {
+				log.Printf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to lbvserver %s", sslprofileName, lbvserverName)
+				return fmt.Errorf("[ERROR] netscaler-provider:  Failed to bind ssl profile %s to lbvserver %s", sslprofileName, lbvserverName)
+			}
+			log.Printf("[DEBUG] netscaler-provider: new ssl profile has been bound to lbvserver  sslprofile %s lbvserver %s", sslprofileName, lbvserverName)
+		}
+	}
 	return readLbvserverFunc(d, meta)
 }