ENG-12435: Uptake of new Listener API with override repo tls flag and tls mode.

Makefile

@@ -87,3 +87,8 @@ docker-compose/docs:
 sweep:
 	@echo "WARNING: This will destroy infrastructure. Use only for development control planes."
 	go test $(SWEEPDIR) -v -sweep=dummy-region $(SWEEPARGS) -timeout 15m
+
+# update module and test dependencies to latest minor and patch level
+up-deps:
+	$(GOGET) -u ./...
+	$(GOGET) -t ./...

cyral/data_source_cyral_sidecar_listener.go

@@ -8,8 +8,9 @@ import (
 	"github.com/google/uuid"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
-	"github.com/cyralinc/terraform-provider-cyral/client"
 	"golang.org/x/exp/slices"
+
+	"github.com/cyralinc/terraform-provider-cyral/client"
 )
 
 const (
@@ -33,13 +34,15 @@ func (data ReadDataSourceSidecarListenerAPIResponse) WriteToSchema(d *schema.Res
 		if (repoTypeFilter == "" || slices.Contains(listenerConfig.RepoTypes, repoTypeFilter)) &&
 			(portFilter == 0 || listenerConfig.NetworkAddress.Port == portFilter) {
 			listener := map[string]any{
-				ListenerIDKey:       listenerConfig.ListenerId,
-				SidecarIDKey:        d.Get(SidecarIDKey).(string),
-				RepoTypesKey:        listenerConfig.RepoTypes,
-				NetworkAddressKey:   listenerConfig.NetworkAddressAsInterface(),
-				MySQLSettingsKey:    listenerConfig.MySQLSettingsAsInterface(),
-				S3SettingsKey:       listenerConfig.S3SettingsAsInterface(),
-				DynamoDbSettingsKey: listenerConfig.DynamoDbSettingsAsInterface(),
+				ListenerIDKey:                    listenerConfig.ListenerId,
+				SidecarIDKey:                     d.Get(SidecarIDKey).(string),
+				RepoTypesKey:                     listenerConfig.RepoTypes,
+				NetworkAddressKey:                listenerConfig.NetworkAddressAsInterface(),
+				MySQLSettingsKey:                 listenerConfig.MySQLSettingsAsInterface(),
+				S3SettingsKey:                    listenerConfig.S3SettingsAsInterface(),
+				DynamoDbSettingsKey:              listenerConfig.DynamoDbSettingsAsInterface(),
+				OverrideRepoClientTlsSettingsKey: listenerConfig.OverrideRepoClientTlsSettings,
+				TlsModeKey:                       listenerConfig.TlsMode,
 			}
 			log.Printf("[DEBUG] listener: %q", listener)
 			listenersList = append(listenersList, listener)

cyral/resource_cyral_sidecar_listener.go

@@ -14,25 +14,37 @@ import (
 // create a constant block for schema keys
 
 const (
-	RepoTypesKey        = "repo_types"
-	NetworkAddressKey   = "network_address"
-	MySQLSettingsKey    = "mysql_settings"
-	DbVersionKey        = "db_version"
-	CharacterSetKey     = "character_set"
-	S3SettingsKey       = "s3_settings"
-	ProxyModeKey        = "proxy_mode"
-	DynamoDbSettingsKey = "dynamodb_settings"
+	RepoTypesKey                     = "repo_types"
+	NetworkAddressKey                = "network_address"
+	MySQLSettingsKey                 = "mysql_settings"
+	DbVersionKey                     = "db_version"
+	CharacterSetKey                  = "character_set"
+	S3SettingsKey                    = "s3_settings"
+	ProxyModeKey                     = "proxy_mode"
+	DynamoDbSettingsKey              = "dynamodb_settings"
+	OverrideRepoClientTlsSettingsKey = "override_repo_client_tls_settings"
+	TlsModeKey                       = "tls_mode"
 )
 
+func tlsModes() []string {
+	return []string{
+		"allow", // default, must be kept at position 0
+		"require",
+		"disable",
+	}
+}
+
 // SidecarListener struct for sidecar listener.
 type SidecarListener struct {
-	SidecarId        string            `json:"-"`
-	ListenerId       string            `json:"id"`
-	RepoTypes        []string          `json:"repoTypes"`
-	NetworkAddress   *NetworkAddress   `json:"address,omitempty"`
-	MySQLSettings    *MySQLSettings    `json:"mysqlSettings,omitempty"`
-	S3Settings       *S3Settings       `json:"s3Settings,omitempty"`
-	DynamoDbSettings *DynamoDbSettings `json:"dynamoDbSettings,omitempty"`
+	SidecarId                     string            `json:"-"`
+	ListenerId                    string            `json:"id"`
+	RepoTypes                     []string          `json:"repoTypes"`
+	NetworkAddress                *NetworkAddress   `json:"address,omitempty"`
+	MySQLSettings                 *MySQLSettings    `json:"mysqlSettings,omitempty"`
+	S3Settings                    *S3Settings       `json:"s3Settings,omitempty"`
+	DynamoDbSettings              *DynamoDbSettings `json:"dynamoDbSettings,omitempty"`
+	OverrideRepoClientTlsSettings bool              `json:"overrideRepoClientTlsSettings,omitempty"`
+	TlsMode                       string            `json:"tlsMode,omitempty"`
 }
 type NetworkAddress struct {
 	Host string `json:"host,omitempty"`
@@ -83,6 +95,8 @@ func (data ReadSidecarListenerAPIResponse) WriteToSchema(d *schema.ResourceData)
 		_ = d.Set(S3SettingsKey, data.ListenerConfig.S3SettingsAsInterface())
 		_ = d.Set(MySQLSettingsKey, data.ListenerConfig.MySQLSettingsAsInterface())
 		_ = d.Set(DynamoDbSettingsKey, data.ListenerConfig.DynamoDbSettingsAsInterface())
+		_ = d.Set(OverrideRepoClientTlsSettingsKey, data.ListenerConfig.OverrideRepoClientTlsSettings)
+		_ = d.Set(TlsModeKey, data.ListenerConfig.TlsMode)
 	}
 	log.Printf("[DEBUG] End ReadSidecarListenerAPIResponse.WriteToSchema")
 	return nil
@@ -184,8 +198,10 @@ type SidecarListenerResource struct {
 // ReadFromSchema populates the SidecarListenerResource from the schema
 func (s *SidecarListenerResource) ReadFromSchema(d *schema.ResourceData) error {
 	s.ListenerConfig = SidecarListener{
-		SidecarId:  d.Get(SidecarIDKey).(string),
-		ListenerId: d.Get(ListenerIDKey).(string),
+		SidecarId:                     d.Get(SidecarIDKey).(string),
+		ListenerId:                    d.Get(ListenerIDKey).(string),
+		OverrideRepoClientTlsSettings: d.Get(OverrideRepoClientTlsSettingsKey).(bool),
+		TlsMode:                       d.Get(TlsModeKey).(string),
 	}
 	s.ListenerConfig.RepoTypesFromInterface(d.Get(RepoTypesKey).([]interface{}))
 	s.ListenerConfig.NetworkAddressFromInterface(d.Get(NetworkAddressKey).(*schema.Set).List())
@@ -205,7 +221,7 @@ func resourceSidecarListener() *schema.Resource {
 	return &schema.Resource{
 		Description: "Manages [sidecar listeners](https://cyral.com/docs/sidecars/sidecar-listeners)." +
 			"\n~> **Warning** Multiple listeners can be associated to a single sidecar as long as " +
-			"`host` and `port` are unique. If `host` is ommitted, then `port` must be unique.",
+			"`host` and `port` are unique. If `host` is omitted, then `port` must be unique.",
 		CreateContext: CreateResource(
 			ResourceOperationConfig{
 				Name:       "SidecarListenersResourceCreate",
@@ -402,5 +418,22 @@ func getSidecarListenerSchema() map[string]*schema.Schema {
 				},
 			},
 		},
+		OverrideRepoClientTlsSettingsKey: {
+			Description: "Override TLS settings defined in the repo. " +
+				"Default value generated by API if not provided. ",
+			Type:     schema.TypeBool,
+			Optional: true,
+			Computed: true,
+		},
+		TlsModeKey: {
+			Description: "TLS mode. " +
+				"Default value generated by API if not provided. " +
+				"Note! This field is in effect only if OverrideRepoClientTlsSettings is set to true or the listener " +
+				"is a SMART port (enabled in more than one binding). " +
+				"Allowed values: " + supportedTypesMarkdown(tlsModes()) + ".",
+			Type:     schema.TypeString,
+			Optional: true,
+			Computed: true,
+		},
 	}
 }

cyral/resource_cyral_sidecar_listener_test.go

@@ -68,6 +68,16 @@ func updateTest() []resource.TestStep {
 			DbVersion: "3.4.0",
 		},
 	}
+	// Override repo client TLS settings.
+	overrideRepoClientTLS := SidecarListener{
+		RepoTypes: []string{"mysql"},
+		NetworkAddress: &NetworkAddress{
+			Port: 443,
+			Host: "https://s3.test.com",
+		},
+		OverrideRepoClientTlsSettings: true,
+		TlsMode:                       "require",
+	}
 
 	return []resource.TestStep{
 		setupSidecarListenerTestStep(
@@ -86,6 +96,10 @@ func updateTest() []resource.TestStep {
 			"update_test",
 			addSettings,
 		),
+		setupSidecarListenerTestStep(
+			"update_test",
+			overrideRepoClientTLS,
+		),
 	}
 }
 

docs/data-sources/sidecar_listener.md

@@ -52,9 +52,11 @@ Read-Only:
 - `listener_id` (String)
 - `mysql_settings` (Set of Object) (see [below for nested schema](#nestedobjatt--listener_list--mysql_settings))
 - `network_address` (Set of Object) (see [below for nested schema](#nestedobjatt--listener_list--network_address))
+- `override_repo_client_tls_settings` (Boolean)
 - `repo_types` (List of String)
 - `s3_settings` (Set of Object) (see [below for nested schema](#nestedobjatt--listener_list--s3_settings))
 - `sidecar_id` (String)
+- `tls_mode` (String)
 
 <a id="nestedobjatt--listener_list--dynamodb_settings"></a>
 

docs/resources/sidecar_listener.md

@@ -1,7 +1,7 @@
 # cyral_sidecar_listener (Resource)
 
 Manages [sidecar listeners](https://cyral.com/docs/sidecars/sidecar-listeners).
-~> **Warning** Multiple listeners can be associated to a single sidecar as long as `host` and `port` are unique. If `host` is ommitted, then `port` must be unique.
+~> **Warning** Multiple listeners can be associated to a single sidecar as long as `host` and `port` are unique. If `host` is omitted, then `port` must be unique.
 
 -> Import ID syntax is `{sidecar_id}/{listener_id}`.
 
@@ -105,7 +105,12 @@ resource "cyral_sidecar_listener" "listener_dynamodb" {
 
 - `dynamodb_settings` (Block Set, Max: 1) DynamoDB settings. (see [below for nested schema](#nestedblock--dynamodb_settings))
 - `mysql_settings` (Block Set, Max: 1) MySQL settings represents the listener settings for a [`mysql`, `galera`, `mariadb`] data repository. (see [below for nested schema](#nestedblock--mysql_settings))
+- `override_repo_client_tls_settings` (Boolean) Override TLS settings defined in the repo. Default value generated by API if not provided.
 - `s3_settings` (Block Set, Max: 1) S3 settings. (see [below for nested schema](#nestedblock--s3_settings))
+- `tls_mode` (String) TLS mode. Default value generated by API if not provided. Note! This field is in effect only if OverrideRepoClientTlsSettings is set to true or the listener is a SMART port (enabled in more than one binding). Allowed values:
+  - `allow`
+  - `require`
+  - `disable`.
 
 ### Read-Only
 

go.mod

@@ -3,76 +3,76 @@ module github.com/cyralinc/terraform-provider-cyral
 go 1.19
 
 require (
-	github.com/aws/aws-sdk-go v1.39.4
+	github.com/aws/aws-sdk-go v1.44.327
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
-	github.com/hashicorp/terraform-plugin-sdk/v2 v2.25.0
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0
 	github.com/stretchr/testify v1.8.4
-	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df
-	golang.org/x/oauth2 v0.4.0
+	golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63
+	golang.org/x/oauth2 v0.11.0
 )
 
 require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
-	github.com/agext/levenshtein v1.2.2 // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fatih/color v1.13.0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
-	github.com/hashicorp/go-hclog v1.4.0 // indirect
+	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.8 // indirect
+	github.com/hashicorp/go-plugin v1.4.10 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hc-install v0.5.2 // indirect
-	github.com/hashicorp/hcl/v2 v2.16.1 // indirect
+	github.com/hashicorp/hcl/v2 v2.17.0 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.18.1 // indirect
 	github.com/hashicorp/terraform-json v0.17.1 // indirect
-	github.com/hashicorp/terraform-plugin-go v0.14.3 // indirect
-	github.com/hashicorp/terraform-plugin-log v0.8.0 // indirect
-	github.com/hashicorp/terraform-registry-address v0.1.0 // indirect
-	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
-	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
+	github.com/hashicorp/terraform-plugin-go v0.18.0 // indirect
+	github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
+	github.com/hashicorp/terraform-registry-address v0.2.2 // indirect
+	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mitchellh/cli v1.1.5 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/oklog/run v1.0.0 // indirect
+	github.com/oklog/run v1.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/posener/complete v1.2.3 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
-	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
-	github.com/vmihailenco/tagparser v0.1.1 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
+	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/zclconf/go-cty v1.13.2 // indirect
-	golang.org/x/crypto v0.8.0 // indirect
-	golang.org/x/mod v0.11.0 // indirect
-	golang.org/x/net v0.9.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
-	google.golang.org/grpc v1.53.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230815205213-6bfd019c3878 // indirect
+	google.golang.org/grpc v1.57.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )