feat(load_balancer): HTTP/2 support & backend TLS config (#278)

Author: villevsv-upcloud

CHANGELOG.md

@@ -5,6 +5,11 @@ See updating [Changelog example here](https://keepachangelog.com/en/1.0.0/)
 
 ## [Unreleased]
 
+### Added
+- Managed Load Balancer: `TLSConfigs` field to `LoadBalancerBackend` to control backend TLS configurations
+- Managed Load Balancer: `TLSEnabled`,  `TLSUseSystemCA`, `TLSVerify` & `HTTP2Enabled` fields to `LoadBalancerBackendProperties`
+- Managed Load Balancer: `HTTP2Enabled` field to `LoadBalancerFrontendProperties`
+
 ## [6.9.0]
 ### Added
 - kubernetes: add `Version` field to `request.CreateKubernetesClusterRequest` and `upcloud.KubernetesCluster`

upcloud/load_balancer.go

@@ -34,8 +34,9 @@ const (
 	LoadBalancerConfiguredStatusStarted LoadBalancerConfiguredStatus = "started"
 	LoadBalancerConfiguredStatusStopped LoadBalancerConfiguredStatus = "stopped"
 
-	LoadBalancerCertificateBundleTypeManual  LoadBalancerCertificateBundleType = "manual"
-	LoadBalancerCertificateBundleTypeDynamic LoadBalancerCertificateBundleType = "dynamic"
+	LoadBalancerCertificateBundleTypeManual    LoadBalancerCertificateBundleType = "manual"
+	LoadBalancerCertificateBundleTypeDynamic   LoadBalancerCertificateBundleType = "dynamic"
+	LoadBalancerCertificateBundleTypeAuthority LoadBalancerCertificateBundleType = "authority"
 
 	LoadBalancerOperationalStatePending       LoadBalancerOperationalState = "pending"
 	LoadBalancerOperationalStateSetupAgent    LoadBalancerOperationalState = "setup-agent"
@@ -157,7 +158,7 @@ type LoadBalancerFrontendRule struct {
 	UpdatedAt time.Time             `json:"updated_at,omitempty"`
 }
 
-// LoadBalancerFrontendTLSConfig represents TLS configuration
+// LoadBalancerFrontendTLSConfig represents frontend TLS configuration
 type LoadBalancerFrontendTLSConfig struct {
 	Name                  string    `json:"name,omitempty"`
 	CertificateBundleUUID string    `json:"certificate_bundle_uuid,omitempty"`
@@ -167,8 +168,9 @@ type LoadBalancerFrontendTLSConfig struct {
 
 // LoadBalancerFrontendProperties represents frontend properties
 type LoadBalancerFrontendProperties struct {
-	TimeoutClient        int  `json:"timeout_client,omitempty"`
-	InboundProxyProtocol bool `json:"inbound_proxy_protocol"`
+	TimeoutClient        int   `json:"timeout_client,omitempty"`
+	InboundProxyProtocol bool  `json:"inbound_proxy_protocol"`
+	HTTP2Enabled         *bool `json:"http2_enabled,omitempty"`
 }
 
 // LoadBalancerBackend represents service backend
@@ -177,6 +179,7 @@ type LoadBalancerBackend struct {
 	Members    []LoadBalancerBackendMember    `json:"members"`
 	Resolver   string                         `json:"resolver,omitempty"`
 	Properties *LoadBalancerBackendProperties `json:"properties,omitempty"`
+	TLSConfigs []LoadBalancerBackendTLSConfig `json:"tls_configs,omitempty"`
 	CreatedAt  time.Time                      `json:"created_at,omitempty"`
 	UpdatedAt  time.Time                      `json:"updated_at,omitempty"`
 }
@@ -194,6 +197,14 @@ type LoadBalancerBackendMember struct {
 	UpdatedAt   time.Time                     `json:"updated_at,omitempty"`
 }
 
+// LoadBalancerBackendTLSConfig represents backend TLS configuration
+type LoadBalancerBackendTLSConfig struct {
+	Name                  string    `json:"name,omitempty"`
+	CertificateBundleUUID string    `json:"certificate_bundle_uuid,omitempty"`
+	CreatedAt             time.Time `json:"created_at,omitempty"`
+	UpdatedAt             time.Time `json:"updated_at,omitempty"`
+}
+
 // LoadBalancerBackendProperties represents backend properties
 type LoadBalancerBackendProperties struct {
 	TimeoutServer             int                              `json:"timeout_server,omitempty"`
@@ -207,6 +218,10 @@ type LoadBalancerBackendProperties struct {
 	HealthCheckExpectedStatus int                              `json:"health_check_expected_status,omitempty"`
 	StickySessionCookieName   string                           `json:"sticky_session_cookie_name,omitempty"`
 	OutboundProxyProtocol     LoadBalancerProxyProtocolVersion `json:"outbound_proxy_protocol,omitempty"`
+	TLSEnabled                *bool                            `json:"tls_enabled,omitempty"`
+	TLSVerify                 *bool                            `json:"tls_verify,omitempty"`
+	TLSUseSystemCA            *bool                            `json:"tls_use_system_ca,omitempty"`
+	HTTP2Enabled              *bool                            `json:"http2_enabled,omitempty"`
 }
 
 // LoadBalancerResolver represents domain name resolver
@@ -268,7 +283,7 @@ type LoadBalancerMatcherStringWithArgument struct {
 	IgnoreCase *bool                           `json:"ignore_case,omitempty"`
 }
 
-// LoadBalancerMatcherHost represents represents 'host' matcher
+// LoadBalancerMatcherHost represents 'host' matcher
 type LoadBalancerMatcherHost struct {
 	Value string `json:"value,omitempty"`
 }
@@ -387,7 +402,7 @@ type LoadBalancerNodeNetwork struct {
 	IPAddresses []LoadBalancerIPAddress `json:"ip_addresses,omitempty"`
 }
 
-// LoadBalancerNetwork represents network attached to loadbalancer
+// LoadBalancerFrontendNetwork represents network attached to loadbalancer
 type LoadBalancerFrontendNetwork struct {
 	Name string `json:"name,omitempty"`
 }

upcloud/load_balancer_test.go

@@ -61,6 +61,14 @@ func TestMarshalLoadBalancer(t *testing.T) {
 							"updated_at": "2022-02-11T17:33:08.490581Z",
 							"weight": 100
 						}
+					],
+					"tls_configs": [
+						{
+							"certificate_bundle_uuid": "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
+							"created_at": "2023-02-11T17:33:08.490581Z",
+							"name": "example-tls-config",
+							"updated_at": "2023-02-11T17:33:08.490581Z"
+						}
 					]
 				}
 			],
@@ -205,6 +213,12 @@ func TestMarshalLoadBalancer(t *testing.T) {
 						UpdatedAt:   timeParse("2022-02-11T17:33:08.490581Z"),
 					},
 				},
+				TLSConfigs: []LoadBalancerBackendTLSConfig{{
+					Name:                  "example-tls-config",
+					CertificateBundleUUID: "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
+					CreatedAt:             timeParse("2023-02-11T17:33:08.490581Z"),
+					UpdatedAt:             timeParse("2023-02-11T17:33:08.490581Z"),
+				}},
 			},
 		},
 		Resolvers: []LoadBalancerResolver{
@@ -367,6 +381,36 @@ func TestLoadBalancerFrontendProperties(t *testing.T) {
 		}
 		`,
 	)
+	testJSON(t,
+		&LoadBalancerFrontendProperties{},
+		&LoadBalancerFrontendProperties{
+			TimeoutClient:        10,
+			InboundProxyProtocol: false,
+			HTTP2Enabled:         BoolPtr(false),
+		},
+		`
+		{
+			"timeout_client": 10,
+			"inbound_proxy_protocol": false,
+			"http2_enabled": false
+		}
+		`,
+	)
+	testJSON(t,
+		&LoadBalancerFrontendProperties{},
+		&LoadBalancerFrontendProperties{
+			TimeoutClient:        10,
+			InboundProxyProtocol: false,
+			HTTP2Enabled:         BoolPtr(true),
+		},
+		`
+		{
+			"timeout_client": 10,
+			"inbound_proxy_protocol": false,
+			"http2_enabled": true
+		}
+		`,
+	)
 }
 
 func TestLoadBalancerRule(t *testing.T) {
@@ -500,6 +544,27 @@ func TestLoadBalancerBackend(t *testing.T) {
 	)
 }
 
+func TestLoadBalancerBackendTLSConfig(t *testing.T) {
+	t.Parallel()
+	testJSON(t,
+		&LoadBalancerBackendTLSConfig{},
+		&LoadBalancerBackendTLSConfig{
+			Name:                  "example-tls-config",
+			CertificateBundleUUID: "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
+			CreatedAt:             timeParse("2023-02-11T17:33:08.490581Z"),
+			UpdatedAt:             timeParse("2023-02-11T17:33:08.490581Z"),
+		},
+		`
+		{
+			"certificate_bundle_uuid": "0aded5c1-c7a3-498a-b9c8-a871611c47a3",
+			"name": "example-tls-config",
+			"created_at": "2023-02-11T17:33:08.490581Z",
+			"updated_at": "2023-02-11T17:33:08.490581Z"
+		}
+		`,
+	)
+}
+
 func TestLoadBalancerBackendProperties(t *testing.T) {
 	t.Parallel()
 	testJSON(t,
@@ -535,8 +600,19 @@ func TestLoadBalancerBackendProperties(t *testing.T) {
 	)
 	testJSON(t,
 		&LoadBalancerBackendProperties{},
-		&LoadBalancerBackendProperties{},
-		`{}`,
+		&LoadBalancerBackendProperties{
+			TLSVerify:      BoolPtr(true),
+			TLSEnabled:     BoolPtr(true),
+			TLSUseSystemCA: BoolPtr(true),
+			HTTP2Enabled:   BoolPtr(true),
+		},
+		`{
+			"tls_verify": true,
+			"tls_enabled": true,
+			"tls_use_system_ca": true,
+			"http2_enabled": true
+		}
+		`,
 	)
 }
 

upcloud/request/load_balancer.go

@@ -97,12 +97,13 @@ func (r *GetLoadBalancerBackendsRequest) RequestURL() string {
 	return fmt.Sprintf("/load-balancer/%s/backends", r.ServiceUUID)
 }
 
-// BalancerBackend represents the payload for CreateLoadBalancerBackendRequest
+// LoadBalancerBackend represents the payload for CreateLoadBalancerBackendRequest
 type LoadBalancerBackend struct {
 	Name       string                                 `json:"name"`
 	Resolver   string                                 `json:"resolver,omitempty"`
 	Members    []LoadBalancerBackendMember            `json:"members"`
 	Properties *upcloud.LoadBalancerBackendProperties `json:"properties,omitempty"`
+	TLSConfigs []LoadBalancerBackendTLSConfig         `json:"tls_configs,omitempty"`
 }
 
 // CreateLoadBalancerBackendRequest represents a request to create load balancer backend
@@ -576,6 +577,75 @@ func (r *DeleteLoadBalancerFrontendTLSConfigRequest) RequestURL() string {
 	return fmt.Sprintf("/load-balancer/%s/frontends/%s/tls-configs/%s", r.ServiceUUID, r.FrontendName, r.Name)
 }
 
+// LoadBalancerBackendTLSConfig represents TLS config payload
+type LoadBalancerBackendTLSConfig struct {
+	Name                  string `json:"name,omitempty"`
+	CertificateBundleUUID string `json:"certificate_bundle_uuid,omitempty"`
+}
+
+// GetLoadBalancerBackendTLSConfigsRequest represents a request to get backend TLS configs
+type GetLoadBalancerBackendTLSConfigsRequest struct {
+	ServiceUUID string `json:"-"`
+	BackendName string `json:"-"`
+}
+
+func (r *GetLoadBalancerBackendTLSConfigsRequest) RequestURL() string {
+	return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs", r.ServiceUUID, r.BackendName)
+}
+
+// GetLoadBalancerBackendTLSConfigRequest represents a request to get backend TLS config
+type GetLoadBalancerBackendTLSConfigRequest struct {
+	ServiceUUID string `json:"-"`
+	BackendName string `json:"-"`
+	Name        string `json:"-"`
+}
+
+func (r *GetLoadBalancerBackendTLSConfigRequest) RequestURL() string {
+	return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs/%s", r.ServiceUUID, r.BackendName, r.Name)
+}
+
+// CreateLoadBalancerBackendTLSConfigRequest represents a request to create backend TLS config
+type CreateLoadBalancerBackendTLSConfigRequest struct {
+	ServiceUUID string `json:"-"`
+	BackendName string `json:"-"`
+	Config      LoadBalancerBackendTLSConfig
+}
+
+func (r *CreateLoadBalancerBackendTLSConfigRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(r.Config)
+}
+
+func (r *CreateLoadBalancerBackendTLSConfigRequest) RequestURL() string {
+	return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs", r.ServiceUUID, r.BackendName)
+}
+
+// ModifyLoadBalancerBackendTLSConfigRequest represents a request to modify backend TLS config
+type ModifyLoadBalancerBackendTLSConfigRequest struct {
+	ServiceUUID string `json:"-"`
+	BackendName string `json:"-"`
+	Name        string `json:"-"`
+	Config      LoadBalancerBackendTLSConfig
+}
+
+func (r *ModifyLoadBalancerBackendTLSConfigRequest) MarshalJSON() ([]byte, error) {
+	return json.Marshal(r.Config)
+}
+
+func (r *ModifyLoadBalancerBackendTLSConfigRequest) RequestURL() string {
+	return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs/%s", r.ServiceUUID, r.BackendName, r.Name)
+}
+
+// DeleteLoadBalancerBackendTLSConfigRequest represents a request to delete backend TLS config
+type DeleteLoadBalancerBackendTLSConfigRequest struct {
+	ServiceUUID string `json:"-"`
+	BackendName string `json:"-"`
+	Name        string `json:"-"`
+}
+
+func (r *DeleteLoadBalancerBackendTLSConfigRequest) RequestURL() string {
+	return fmt.Sprintf("/load-balancer/%s/backends/%s/tls-configs/%s", r.ServiceUUID, r.BackendName, r.Name)
+}
+
 // CreateLoadBalancerCertificateBundleRequest represents a request to create certificate bundle
 type CreateLoadBalancerCertificateBundleRequest struct {
 	Type upcloud.LoadBalancerCertificateBundleType `json:"type,omitempty"`