Skip to content

Commit 559d46c

Browse files
feat(load_balancer): HTTP/2 support & backend TLS config (#278)
1 parent f9508ec commit 559d46c

11 files changed

+3218
-705
lines changed

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,11 @@ See updating [Changelog example here](https://keepachangelog.com/en/1.0.0/)
55

66
## [Unreleased]
77

8+
### Added
9+
- Managed Load Balancer: `TLSConfigs` field to `LoadBalancerBackend` to control backend TLS configurations
10+
- Managed Load Balancer: `TLSEnabled`, `TLSUseSystemCA`, `TLSVerify` & `HTTP2Enabled` fields to `LoadBalancerBackendProperties`
11+
- Managed Load Balancer: `HTTP2Enabled` field to `LoadBalancerFrontendProperties`
12+
813
## [6.9.0]
914
### Added
1015
- kubernetes: add `Version` field to `request.CreateKubernetesClusterRequest` and `upcloud.KubernetesCluster`

upcloud/load_balancer.go

Lines changed: 22 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -34,8 +34,9 @@ const (
3434
LoadBalancerConfiguredStatusStarted LoadBalancerConfiguredStatus = "started"
3535
LoadBalancerConfiguredStatusStopped LoadBalancerConfiguredStatus = "stopped"
3636

37-
LoadBalancerCertificateBundleTypeManual LoadBalancerCertificateBundleType = "manual"
38-
LoadBalancerCertificateBundleTypeDynamic LoadBalancerCertificateBundleType = "dynamic"
37+
LoadBalancerCertificateBundleTypeManual LoadBalancerCertificateBundleType = "manual"
38+
LoadBalancerCertificateBundleTypeDynamic LoadBalancerCertificateBundleType = "dynamic"
39+
LoadBalancerCertificateBundleTypeAuthority LoadBalancerCertificateBundleType = "authority"
3940

4041
LoadBalancerOperationalStatePending LoadBalancerOperationalState = "pending"
4142
LoadBalancerOperationalStateSetupAgent LoadBalancerOperationalState = "setup-agent"
@@ -157,7 +158,7 @@ type LoadBalancerFrontendRule struct {
157158
UpdatedAt time.Time `json:"updated_at,omitempty"`
158159
}
159160

160-
// LoadBalancerFrontendTLSConfig represents TLS configuration
161+
// LoadBalancerFrontendTLSConfig represents frontend TLS configuration
161162
type LoadBalancerFrontendTLSConfig struct {
162163
Name string `json:"name,omitempty"`
163164
CertificateBundleUUID string `json:"certificate_bundle_uuid,omitempty"`
@@ -167,8 +168,9 @@ type LoadBalancerFrontendTLSConfig struct {
167168

168169
// LoadBalancerFrontendProperties represents frontend properties
169170
type LoadBalancerFrontendProperties struct {
170-
TimeoutClient int `json:"timeout_client,omitempty"`
171-
InboundProxyProtocol bool `json:"inbound_proxy_protocol"`
171+
TimeoutClient int `json:"timeout_client,omitempty"`
172+
InboundProxyProtocol bool `json:"inbound_proxy_protocol"`
173+
HTTP2Enabled *bool `json:"http2_enabled,omitempty"`
172174
}
173175

174176
// LoadBalancerBackend represents service backend
@@ -177,6 +179,7 @@ type LoadBalancerBackend struct {
177179
Members []LoadBalancerBackendMember `json:"members"`
178180
Resolver string `json:"resolver,omitempty"`
179181
Properties *LoadBalancerBackendProperties `json:"properties,omitempty"`
182+
TLSConfigs []LoadBalancerBackendTLSConfig `json:"tls_configs,omitempty"`
180183
CreatedAt time.Time `json:"created_at,omitempty"`
181184
UpdatedAt time.Time `json:"updated_at,omitempty"`
182185
}
@@ -194,6 +197,14 @@ type LoadBalancerBackendMember struct {
194197
UpdatedAt time.Time `json:"updated_at,omitempty"`
195198
}
196199

200+
// LoadBalancerBackendTLSConfig represents backend TLS configuration
201+
type LoadBalancerBackendTLSConfig struct {
202+
Name string `json:"name,omitempty"`
203+
CertificateBundleUUID string `json:"certificate_bundle_uuid,omitempty"`
204+
CreatedAt time.Time `json:"created_at,omitempty"`
205+
UpdatedAt time.Time `json:"updated_at,omitempty"`
206+
}
207+
197208
// LoadBalancerBackendProperties represents backend properties
198209
type LoadBalancerBackendProperties struct {
199210
TimeoutServer int `json:"timeout_server,omitempty"`
@@ -207,6 +218,10 @@ type LoadBalancerBackendProperties struct {
207218
HealthCheckExpectedStatus int `json:"health_check_expected_status,omitempty"`
208219
StickySessionCookieName string `json:"sticky_session_cookie_name,omitempty"`
209220
OutboundProxyProtocol LoadBalancerProxyProtocolVersion `json:"outbound_proxy_protocol,omitempty"`
221+
TLSEnabled *bool `json:"tls_enabled,omitempty"`
222+
TLSVerify *bool `json:"tls_verify,omitempty"`
223+
TLSUseSystemCA *bool `json:"tls_use_system_ca,omitempty"`
224+
HTTP2Enabled *bool `json:"http2_enabled,omitempty"`
210225
}
211226

212227
// LoadBalancerResolver represents domain name resolver
@@ -268,7 +283,7 @@ type LoadBalancerMatcherStringWithArgument struct {
268283
IgnoreCase *bool `json:"ignore_case,omitempty"`
269284
}
270285

271-
// LoadBalancerMatcherHost represents represents 'host' matcher
286+
// LoadBalancerMatcherHost represents 'host' matcher
272287
type LoadBalancerMatcherHost struct {
273288
Value string `json:"value,omitempty"`
274289
}
@@ -387,7 +402,7 @@ type LoadBalancerNodeNetwork struct {
387402
IPAddresses []LoadBalancerIPAddress `json:"ip_addresses,omitempty"`
388403
}
389404

390-
// LoadBalancerNetwork represents network attached to loadbalancer
405+
// LoadBalancerFrontendNetwork represents network attached to loadbalancer
391406
type LoadBalancerFrontendNetwork struct {
392407
Name string `json:"name,omitempty"`
393408
}

upcloud/load_balancer_test.go

Lines changed: 78 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,14 @@ func TestMarshalLoadBalancer(t *testing.T) {
6161
"updated_at": "2022-02-11T17:33:08.490581Z",
6262
"weight": 100
6363
}
64+
],
65+
"tls_configs": [
66+
{
67+
"certificate_bundle_uuid": "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
68+
"created_at": "2023-02-11T17:33:08.490581Z",
69+
"name": "example-tls-config",
70+
"updated_at": "2023-02-11T17:33:08.490581Z"
71+
}
6472
]
6573
}
6674
],
@@ -205,6 +213,12 @@ func TestMarshalLoadBalancer(t *testing.T) {
205213
UpdatedAt: timeParse("2022-02-11T17:33:08.490581Z"),
206214
},
207215
},
216+
TLSConfigs: []LoadBalancerBackendTLSConfig{{
217+
Name: "example-tls-config",
218+
CertificateBundleUUID: "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
219+
CreatedAt: timeParse("2023-02-11T17:33:08.490581Z"),
220+
UpdatedAt: timeParse("2023-02-11T17:33:08.490581Z"),
221+
}},
208222
},
209223
},
210224
Resolvers: []LoadBalancerResolver{
@@ -367,6 +381,36 @@ func TestLoadBalancerFrontendProperties(t *testing.T) {
367381
}
368382
`,
369383
)
384+
testJSON(t,
385+
&LoadBalancerFrontendProperties{},
386+
&LoadBalancerFrontendProperties{
387+
TimeoutClient: 10,
388+
InboundProxyProtocol: false,
389+
HTTP2Enabled: BoolPtr(false),
390+
},
391+
`
392+
{
393+
"timeout_client": 10,
394+
"inbound_proxy_protocol": false,
395+
"http2_enabled": false
396+
}
397+
`,
398+
)
399+
testJSON(t,
400+
&LoadBalancerFrontendProperties{},
401+
&LoadBalancerFrontendProperties{
402+
TimeoutClient: 10,
403+
InboundProxyProtocol: false,
404+
HTTP2Enabled: BoolPtr(true),
405+
},
406+
`
407+
{
408+
"timeout_client": 10,
409+
"inbound_proxy_protocol": false,
410+
"http2_enabled": true
411+
}
412+
`,
413+
)
370414
}
371415

372416
func TestLoadBalancerRule(t *testing.T) {
@@ -500,6 +544,27 @@ func TestLoadBalancerBackend(t *testing.T) {
500544
)
501545
}
502546

547+
func TestLoadBalancerBackendTLSConfig(t *testing.T) {
548+
t.Parallel()
549+
testJSON(t,
550+
&LoadBalancerBackendTLSConfig{},
551+
&LoadBalancerBackendTLSConfig{
552+
Name: "example-tls-config",
553+
CertificateBundleUUID: "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
554+
CreatedAt: timeParse("2023-02-11T17:33:08.490581Z"),
555+
UpdatedAt: timeParse("2023-02-11T17:33:08.490581Z"),
556+
},
557+
`
558+
{
559+
"certificate_bundle_uuid": "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
560+
"name": "example-tls-config",
561+
"created_at": "2023-02-11T17:33:08.490581Z",
562+
"updated_at": "2023-02-11T17:33:08.490581Z"
563+
}
564+
`,
565+
)
566+
}
567+
503568
func TestLoadBalancerBackendProperties(t *testing.T) {
504569
t.Parallel()
505570
testJSON(t,
@@ -535,8 +600,19 @@ func TestLoadBalancerBackendProperties(t *testing.T) {
535600
)
536601
testJSON(t,
537602
&LoadBalancerBackendProperties{},
538-
&LoadBalancerBackendProperties{},
539-
`{}`,
603+
&LoadBalancerBackendProperties{
604+
TLSVerify: BoolPtr(true),
605+
TLSEnabled: BoolPtr(true),
606+
TLSUseSystemCA: BoolPtr(true),
607+
HTTP2Enabled: BoolPtr(true),
608+
},
609+
`{
610+
"tls_verify": true,
611+
"tls_enabled": true,
612+
"tls_use_system_ca": true,
613+
"http2_enabled": true
614+
}
615+
`,
540616
)
541617
}
542618

upcloud/request/load_balancer.go

Lines changed: 71 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,12 +97,13 @@ func (r *GetLoadBalancerBackendsRequest) RequestURL() string {
9797
return fmt.Sprintf("/load-balancer/%s/backends", r.ServiceUUID)
9898
}
9999

100-
// BalancerBackend represents the payload for CreateLoadBalancerBackendRequest
100+
// LoadBalancerBackend represents the payload for CreateLoadBalancerBackendRequest
101101
type LoadBalancerBackend struct {
102102
Name string `json:"name"`
103103
Resolver string `json:"resolver,omitempty"`
104104
Members []LoadBalancerBackendMember `json:"members"`
105105
Properties *upcloud.LoadBalancerBackendProperties `json:"properties,omitempty"`
106+
TLSConfigs []LoadBalancerBackendTLSConfig `json:"tls_configs,omitempty"`
106107
}
107108

108109
// CreateLoadBalancerBackendRequest represents a request to create load balancer backend
@@ -576,6 +577,75 @@ func (r *DeleteLoadBalancerFrontendTLSConfigRequest) RequestURL() string {
576577
return fmt.Sprintf("/load-balancer/%s/frontends/%s/tls-configs/%s", r.ServiceUUID, r.FrontendName, r.Name)
577578
}
578579

580+
// LoadBalancerBackendTLSConfig represents TLS config payload
581+
type LoadBalancerBackendTLSConfig struct {
582+
Name string `json:"name,omitempty"`
583+
CertificateBundleUUID string `json:"certificate_bundle_uuid,omitempty"`
584+
}
585+
586+
// GetLoadBalancerBackendTLSConfigsRequest represents a request to get backend TLS configs
587+
type GetLoadBalancerBackendTLSConfigsRequest struct {
588+
ServiceUUID string `json:"-"`
589+
BackendName string `json:"-"`
590+
}
591+
592+
func (r *GetLoadBalancerBackendTLSConfigsRequest) RequestURL() string {
593+
return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs", r.ServiceUUID, r.BackendName)
594+
}
595+
596+
// GetLoadBalancerBackendTLSConfigRequest represents a request to get backend TLS config
597+
type GetLoadBalancerBackendTLSConfigRequest struct {
598+
ServiceUUID string `json:"-"`
599+
BackendName string `json:"-"`
600+
Name string `json:"-"`
601+
}
602+
603+
func (r *GetLoadBalancerBackendTLSConfigRequest) RequestURL() string {
604+
return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs/%s", r.ServiceUUID, r.BackendName, r.Name)
605+
}
606+
607+
// CreateLoadBalancerBackendTLSConfigRequest represents a request to create backend TLS config
608+
type CreateLoadBalancerBackendTLSConfigRequest struct {
609+
ServiceUUID string `json:"-"`
610+
BackendName string `json:"-"`
611+
Config LoadBalancerBackendTLSConfig
612+
}
613+
614+
func (r *CreateLoadBalancerBackendTLSConfigRequest) MarshalJSON() ([]byte, error) {
615+
return json.Marshal(r.Config)
616+
}
617+
618+
func (r *CreateLoadBalancerBackendTLSConfigRequest) RequestURL() string {
619+
return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs", r.ServiceUUID, r.BackendName)
620+
}
621+
622+
// ModifyLoadBalancerBackendTLSConfigRequest represents a request to modify backend TLS config
623+
type ModifyLoadBalancerBackendTLSConfigRequest struct {
624+
ServiceUUID string `json:"-"`
625+
BackendName string `json:"-"`
626+
Name string `json:"-"`
627+
Config LoadBalancerBackendTLSConfig
628+
}
629+
630+
func (r *ModifyLoadBalancerBackendTLSConfigRequest) MarshalJSON() ([]byte, error) {
631+
return json.Marshal(r.Config)
632+
}
633+
634+
func (r *ModifyLoadBalancerBackendTLSConfigRequest) RequestURL() string {
635+
return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs/%s", r.ServiceUUID, r.BackendName, r.Name)
636+
}
637+
638+
// DeleteLoadBalancerBackendTLSConfigRequest represents a request to delete backend TLS config
639+
type DeleteLoadBalancerBackendTLSConfigRequest struct {
640+
ServiceUUID string `json:"-"`
641+
BackendName string `json:"-"`
642+
Name string `json:"-"`
643+
}
644+
645+
func (r *DeleteLoadBalancerBackendTLSConfigRequest) RequestURL() string {
646+
return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs/%s", r.ServiceUUID, r.BackendName, r.Name)
647+
}
648+
579649
// CreateLoadBalancerCertificateBundleRequest represents a request to create certificate bundle
580650
type CreateLoadBalancerCertificateBundleRequest struct {
581651
Type upcloud.LoadBalancerCertificateBundleType `json:"type,omitempty"`

0 commit comments

Comments
 (0)