fix cdn support https force redirect

Author: ttomzhou

examples/tencentcloud-cdn/main.tf

@@ -15,6 +15,10 @@ resource "tencentcloud_cdn_domain" "foo" {
     ocsp_stapling_switch = "off"
     spdy_switch          = "off"
     verify_client        = "off"
+
+    force_redirect {
+      switch = "on"
+    }
   }
 
   tags = {

tencentcloud/extension_cdn.go

@@ -58,6 +58,11 @@ var CDN_ORIGIN_PULL_PROTOCOL = []string{
 	CDN_ORIGIN_PULL_PROTOCOL_FOLLOW,
 }
 
+var CDN_FORCE_REDIRECT_TYPE = []string{
+	CDN_ORIGIN_PULL_PROTOCOL_HTTP,
+	CDN_ORIGIN_PULL_PROTOCOL_HTTPS,
+}
+
 var CDN_AREA = []string{
 	CDN_AREA_MAINLAND,
 	CDN_AREA_OVERSEAS,

tencentcloud/resource_tc_cdn_domain.go

@@ -22,6 +22,10 @@ resource "tencentcloud_cdn_domain" "foo" {
     ocsp_stapling_switch = "off"
     spdy_switch          = "off"
     verify_client        = "off"
+
+	force_redirect {
+      switch = "on"
+    }
   }
 
   tags = {
@@ -304,6 +308,40 @@ func resourceTencentCloudCdnDomain() *schema.Resource {
 								},
 							},
 						},
+						"force_redirect": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Computed:    true,
+							MaxItems:    1,
+							Description: "Access protocol mandatory jump configuration. It's a list and consist of at most one item.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"switch": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										Default:      CDN_SWITCH_OFF,
+										ValidateFunc: validateAllowedStringValue(CDN_SWITCH),
+										Description:  "Access forced jump configuration switch. Valid values are `on` and `off`. Default value is `off`.",
+									},
+									"redirect_type": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										Computed:     true,
+										ValidateFunc: validateAllowedStringValue(CDN_FORCE_REDIRECT_TYPE),
+										Description: "Access forced jump type. Valid values are `http` and `https`. " +
+											"When `switch` setting `off`, this property does not need to be set or set to `http`.",
+									},
+									"redirect_status_code": {
+										Type:         schema.TypeInt,
+										Optional:     true,
+										Computed:     true,
+										ValidateFunc: validateAllowedIntValue([]int{301, 302}),
+										Description: "Access forced jump code. Valid values are `301` and `302`. " +
+											"When `switch` setting `off`, this property does not need to be set or set to `302`.",
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -435,6 +473,23 @@ func resourceTencentCloudCdnDomainCreate(d *schema.ResourceData, meta interface{
 					}
 				}
 			}
+			if v := config["force_redirect"]; len(v.([]interface{})) > 0 {
+				forceRedirect := v.([]interface{})
+				if len(forceRedirect) > 0 {
+					var redirect cdn.ForceRedirect
+					redirectMap := forceRedirect[0].(map[string]interface{})
+					if sw := redirectMap["switch"]; sw.(string) != "" {
+						redirect.Switch = helper.String(sw.(string))
+					}
+					if rt := redirectMap["redirect_type"]; rt.(string) != "" {
+						redirect.RedirectType = helper.String(rt.(string))
+					}
+					if rsc := redirectMap["redirect_status_code"]; rsc.(int) != 0 {
+						redirect.RedirectStatusCode = helper.Int64(int64(rsc.(int)))
+					}
+					request.ForceRedirect = &redirect
+				}
+			}
 		}
 	}
 
@@ -542,7 +597,7 @@ func resourceTencentCloudCdnDomainRead(d *schema.ResourceData, meta interface{})
 	_ = d.Set("origin", origins)
 
 	httpsConfigs := make([]map[string]interface{}, 0, 1)
-	httpsConfig := make(map[string]interface{}, 7)
+	httpsConfig := make(map[string]interface{}, 8)
 	httpsConfig["https_switch"] = domainConfig.Https.Switch
 	httpsConfig["http2_switch"] = domainConfig.Https.Http2
 	httpsConfig["ocsp_stapling_switch"] = domainConfig.Https.OcspStapling
@@ -597,6 +652,15 @@ func resourceTencentCloudCdnDomainRead(d *schema.ResourceData, meta interface{})
 		clientCertConfigs = append(clientCertConfigs, clientCertConfig)
 		httpsConfig["client_certificate_config"] = clientCertConfigs
 	}
+	if domainConfig.ForceRedirect != nil {
+		httpsConfig["force_redirect"] = []map[string]interface{}{
+			{
+				"switch":               domainConfig.ForceRedirect.Switch,
+				"redirect_type":        domainConfig.ForceRedirect.RedirectType,
+				"redirect_status_code": domainConfig.ForceRedirect.RedirectStatusCode,
+			},
+		}
+	}
 	httpsConfigs = append(httpsConfigs, httpsConfig)
 	_ = d.Set("https_config", httpsConfigs)
 
@@ -724,6 +788,23 @@ func resourceTencentCloudCdnDomainUpdate(d *schema.ResourceData, meta interface{
 					}
 				}
 			}
+			if v := config["force_redirect"]; len(v.([]interface{})) > 0 {
+				forceRedirect := v.([]interface{})
+				if len(forceRedirect) > 0 {
+					var redirect cdn.ForceRedirect
+					redirectMap := forceRedirect[0].(map[string]interface{})
+					if sw := redirectMap["switch"]; sw.(string) != "" {
+						redirect.Switch = helper.String(sw.(string))
+					}
+					if rt := redirectMap["redirect_type"]; rt.(string) != "" {
+						redirect.RedirectType = helper.String(rt.(string))
+					}
+					if rsc := redirectMap["redirect_status_code"]; rsc.(int) != 0 {
+						redirect.RedirectStatusCode = helper.Int64(int64(rsc.(int)))
+					}
+					request.ForceRedirect = &redirect
+				}
+			}
 		}
 	}
 
@@ -746,7 +827,7 @@ func resourceTencentCloudCdnDomainUpdate(d *schema.ResourceData, meta interface{
 			d.SetPartial(attr)
 		}
 
-		err = resource.Retry(2*readRetryTimeout, func() *resource.RetryError {
+		err = resource.Retry(5*readRetryTimeout, func() *resource.RetryError {
 			domainConfig, err := cdnService.DescribeDomainsConfigByDomain(ctx, domain)
 			if err != nil {
 				return retryError(err, InternalError)

tencentcloud/resource_tc_cdn_domain_test.go

@@ -28,6 +28,22 @@ func TestAccTencentCloudCdnDomain(t *testing.T) {
 					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.origin_list.#", "1"),
 				),
 			},
+			{
+				ResourceName:            "tencentcloud_cdn_domain.foo",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"https_config"},
+			},
+		},
+	})
+}
+
+func TestAccTencentCloudCdnDomainWithHTTPs(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCdnDomainDestroy,
+		Steps: []resource.TestStep{
 			{
 				Config: testAccCdnDomainFull,
 				Check: resource.ComposeTestCheckFunc(
@@ -48,6 +64,34 @@ func TestAccTencentCloudCdnDomain(t *testing.T) {
 					resource.TestCheckResourceAttrSet("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.deploy_time"),
 					resource.TestCheckResourceAttrSet("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.expire_time"),
 					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "tags.hello", "world"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.force_redirect.0.switch", "off"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.force_redirect.0.redirect_type", "http"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.force_redirect.0.redirect_status_code", "302"),
+				),
+			},
+			{
+				Config: testAccCdnDomainFullUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "domain", "test.zhaoshaona.com"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "service_type", "web"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "area", "mainland"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "full_url_cache", "false"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.origin_type", "ip"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.origin_list.#", "1"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.server_name", "test.zhaoshaona.com"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "origin.0.origin_pull_protocol", "follow"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.https_switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.http2_switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.ocsp_stapling_switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.spdy_switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.verify_client", "off"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.message", "test"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.deploy_time"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cdn_domain.foo", "https_config.0.server_certificate_config.0.expire_time"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "tags.hello", "world"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.force_redirect.0.switch", "on"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.force_redirect.0.redirect_type", "https"),
+					resource.TestCheckResourceAttr("tencentcloud_cdn_domain.foo", "https_config.0.force_redirect.0.redirect_status_code", "302"),
 				),
 			},
 			{
@@ -140,24 +184,24 @@ resource "tencentcloud_cdn_domain" "foo" {
 
 const testAccCdnDomainFull = `
 resource "tencentcloud_cdn_domain" "foo" {
-  domain = "test.zhaoshaona.com"
-  service_type = "web"
-  area = "mainland"
+  domain         = "test.zhaoshaona.com"
+  service_type   = "web"
+  area           = "mainland"
   full_url_cache = false
 
   origin {
-	origin_type = "ip"
-	origin_list = ["139.199.199.140"]
-    server_name = "test.zhaoshaona.com"
+	origin_type          = "ip"
+	origin_list          = ["139.199.199.140"]
+    server_name          = "test.zhaoshaona.com"
     origin_pull_protocol = "follow"
   }
 
   https_config {
-    https_switch = "on"
-    http2_switch = "on"
+    https_switch         = "on"
+    http2_switch         = "on"
     ocsp_stapling_switch = "on"
-    spdy_switch = "on"
-	verify_client = "off"
+    spdy_switch          = "on"
+	verify_client        = "off"
 
 	server_certificate_config {
       certificate_content = <<EOT
@@ -216,7 +260,99 @@ KKcVGqvwVh2r8ocP7OnrQPVK9ZW7BcoYiqM2DjdKyl7AtQKnvWfPMai++oXKzo0y
 EOT
       message = "test"
     }
+}
+
+  tags = {
+    hello = "world"
   }
+}
+`
+
+const testAccCdnDomainFullUpdate = `
+resource "tencentcloud_cdn_domain" "foo" {
+  domain         = "test.zhaoshaona.com"
+  service_type   = "web"
+  area           = "mainland"
+  full_url_cache = false
+
+  origin {
+	origin_type          = "ip"
+	origin_list          = ["139.199.199.140"]
+    server_name          = "test.zhaoshaona.com"
+    origin_pull_protocol = "follow"
+  }
+
+  https_config {
+    https_switch         = "on"
+    http2_switch         = "on"
+    ocsp_stapling_switch = "on"
+    spdy_switch          = "on"
+	verify_client        = "off"
+
+    force_redirect {
+        switch               = "on"
+        redirect_type        = "https"
+        redirect_status_code = 302
+    }
+
+	server_certificate_config {
+      certificate_content = <<EOT
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqACCQDJd98Shn/cJTANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMC
+Q04xEDAOBgNVBAgMB1RpYW5qaW4xEDAOBgNVBAcMB1RpYW5qaW4xDjAMBgNVBAoM
+BU1vY2hhMRcwFQYDVQQLDA5Nb2NoYSBTb2Z0d2FyZTEcMBoGA1UEAwwTdGVzdC56
+aGFvc2hhb25hLmNvbTEjMCEGCSqGSIb3DQEJARYUeWFsaW5wZWlAdGVuY2VudC5j
+b20wHhcNMjAwNTIwMDcyNDQyWhcNMzAwNTE4MDcyNDQyWjCBnTELMAkGA1UEBhMC
+Q04xEDAOBgNVBAgMB1RpYW5qaW4xEDAOBgNVBAcMB1RpYW5qaW4xDjAMBgNVBAoM
+BU1vY2hhMRcwFQYDVQQLDA5Nb2NoYSBTb2Z0d2FyZTEcMBoGA1UEAwwTdGVzdC56
+aGFvc2hhb25hLmNvbTEjMCEGCSqGSIb3DQEJARYUeWFsaW5wZWlAdGVuY2VudC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgndm2xEWL7CaVQ/lb
+TO6Gj4EqEp1tWygjdfqkUXADfsgMGPukYaZY+klV6AJzLcj8VD5iWgKa+V4kLHtf
+yh66c45nZrdUVoF9CFTw2+B/LTa/UzsvbLTVOnEjVBjI1V5kVzliF5cK5OlQ258d
+w6yFaccOgXqSkp9i57Y9pT1FIb691hsf2VHiVLizPYy3vvLQeN8RnXS3vK56BcQk
+o+49H11TAsrIh0C5maF0jp/7poSQkrX0kjfX4+gK/mC4Dn3PgK464Ko5OR45IGji
+D368/klCK1bqIshlv4owEfgzAEQMPUQ0CfuvXTX85aojM48RiYiDmYveaICtYnSR
+04MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHWUpfePVt3LjZVDS3OmQ7rTG8zc
+zwZgJfxP0f4ZNo/9t53SNsQ0UM/+7sqnBKOjsWfgyFqSh9cfN0Bnsn3gmvPXmD5R
+nCa9qr9IO+FP9Ke4KKn0Ndx1sWJN3B6D8bUTnvFIkJoRsvsqNi24o2uKrUdcAYHL
+5BVtrVe8E55i0A5WosC8KWv4ZJxTacvuxVjfyroKzxsLwOQvCqBNSuZLg1HYUeG6
+XIj0/acmysb8S82Lxm39E82DbPdUO3Z0TlGL7umlAV947/6eGvPhszjnhBlxVo3p
+tmHdyqfHxWbkTW4bnO/Gu+Sll6a3n1uyQ/onXuXH3pBZoXLp3Jj+CV1+N6E=
+-----END CERTIFICATE-----
+EOT
+
+      private_key         = <<EOT
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAoJ3ZtsRFi+wmlUP5W0zuho+BKhKdbVsoI3X6pFFwA37IDBj7
+pGGmWPpJVegCcy3I/FQ+YloCmvleJCx7X8oeunOOZ2a3VFaBfQhU8Nvgfy02v1M7
+L2y01TpxI1QYyNVeZFc5YheXCuTpUNufHcOshWnHDoF6kpKfYue2PaU9RSG+vdYb
+H9lR4lS4sz2Mt77y0HjfEZ10t7yuegXEJKPuPR9dUwLKyIdAuZmhdI6f+6aEkJK1
+9JI31+PoCv5guA59z4CuOuCqOTkeOSBo4g9+vP5JQitW6iLIZb+KMBH4MwBEDD1E
+NAn7r101/OWqIzOPEYmIg5mL3miArWJ0kdODEwIDAQABAoIBAQCW2uuLX9k6THkI
+pSlleWJm/A4C6Cz4cy/F7p+VCfA9OCzIQAbKI/VLiPisORdj+tLVPILDeWsNB75G
+F4lhNMObt8E+mRkDm6RPPS4ac0nt6ReMp63lIyLNSvDMj8Yfi1f2wn3hBesVjl8d
+VMmj+Q7m16zgkPgBBrmw+ZUPXU2oyUW4+0RvGYvuWnVUdtm/34PD1LC0NKBKaX9T
+MDHrSIns0WpQ7P4vNVQyHW7MGgEl81uzIitSWuT/k+zH6YxBlxd7d66vmhNoxz9c
+aeEf7DE3wAb4819UYWt0/ciMJwSLPkBOaTeAsktKUHVsrMLVELWcWqSIS+PYbSX8
+g3tY1DlxAoGBANSiDKNjfr1rZRtpZvxnVkssLY/586UaHs+dFfyFyd0unr/rAPf/
+GO/BIO0NbBdRb3XORMuiLQN3xf+qgKfoS0kXYglDMGKbEAC/5o6ZMV6E2E/aFrxh
+xmgKTZxCBVnOxlAy33UFs+qR8tpOnR4auAc0pNPA9QB4I7q17vGJRMyHAoGBAMFf
+7nF2aJ/k0Fcl53Cabs/FIaAwL/GBvok6Ny8wWLwiMZCtsGUUywnUdN/qbfr2GwC5
+g0w2iaxGqQPI+qw2qn0utAIfZ0Tz2VAH+P3aUTuG+M4XWHObHVXxBUqO61X9zgV2
+sXRXcbDOx3HgZeDCjk0otcGVJoC3zgzaaEZi5mQVAoGAQer+2gQ1PUm27XmOmL78
+bI+EjHbjhpKDbL95GnDrdKtIQZz8DuXBeEo6B+M6WDxBvpa0kyByrfmKo0jbW7JS
+7JTYKqDuthL2MhVLx3dMa83pNVAZ7kqtdIGFL+TzvbSxnBk5VxDuhtC6Jd1rLfMA
+jBNQ6eiOy5dzFCXkrnJspq8CgYAO4ISFsihmdMIakk31+cugrHfjzRFDMUopYJMy
+TDPndXH+wX4aqLjeLrw3JeAEOL7nFV6mlGOPH3iNU/8FFMeVDezHZQca5O/JGnPr
+g8pQHBg0MtOZQUvGet5/V/N/ECGzhegtHTUf9yic+DieTBmKkiE5nXHy4TE3B+6R
+y7YR6QKBgQDUoNAFOnMZB4BQMeCb/pQQnzNkNTG+Y02eMKjo5eZZDfyusqIui29l
+KKcVGqvwVh2r8ocP7OnrQPVK9ZW7BcoYiqM2DjdKyl7AtQKnvWfPMai++oXKzo0y
+8sg7m1Ic26sKO9W9t87cfZtFKcbKVcImLWucd9R7Ny4M4r6xlRKWpA==
+-----END RSA PRIVATE KEY-----
+EOT
+      message = "test"
+    }
+}
 
   tags = {
     hello = "world"

website/docs/r/cdn_domain.html.markdown

@@ -32,6 +32,10 @@ resource "tencentcloud_cdn_domain" "foo" {
     ocsp_stapling_switch = "off"
     spdy_switch          = "off"
     verify_client        = "off"
+
+    force_redirect {
+      switch = "on"
+    }
   }
 
   tags = {
@@ -91,10 +95,17 @@ The `client_certificate_config` object supports the following:
 
 * `certificate_content` - (Required) Client Certificate PEM format, requires Base64 encoding.
 
+The `force_redirect` object supports the following:
+
+* `redirect_status_code` - (Optional) Access forced jump code. Valid values are `301` and `302`. When `switch` setting `off`, this property does not need to be set or set to `302`.
+* `redirect_type` - (Optional) Access forced jump type. Valid values are `http` and `https`. When `switch` setting `off`, this property does not need to be set or set to `http`.
+* `switch` - (Optional) Access forced jump configuration switch. Valid values are `on` and `off`. Default value is `off`.
+
 The `https_config` object supports the following:
 
 * `https_switch` - (Required) HTTPS configuration switch. Valid values are `on` and `off`.
 * `client_certificate_config` - (Optional) Client certificate configuration information.
+* `force_redirect` - (Optional) Access protocol mandatory jump configuration. It's a list and consist of at most one item.
 * `http2_switch` - (Optional) HTTP2 configuration switch. Valid values are `on` and `off`. and default value is `off`.
 * `ocsp_stapling_switch` - (Optional) OCSP configuration switch. Valid values are `on` and `off`. and default value is `off`.
 * `server_certificate_config` - (Optional) Server certificate configuration information.