Feature request: Helpful SSL defaults for backends

[wosc]

When setting use_ssl=true, you currently have to also explicitly set port=443 and in most cases repeat the address value in ssl_cert_hostname/ssl_sni_hostname, because Fastly requires those values. It would be nice if the provider could fill those values in (if they're not explicitly given), so we could go from this

  backend {
    name = "example"
    address = "example.com"
    use_ssl = true
    port = 443
    ssl_cert_hostname = "example.com"
    ssl_sni_hostname = "example.com"
  }

to the simpler spelling of

  backend {
    name = "example"
    address = "example.com"
    use_ssl = true
  }

[Integralist]

I think it's possible to implement something like this. I've put together a quick proof-of-concept (see change set diff below and also associated screenshots).

diff --git a/fastly/block_fastly_service_backend.go b/fastly/block_fastly_service_backend.go
index 45f3cefc..0c01a029 100644
--- a/fastly/block_fastly_service_backend.go
+++ b/fastly/block_fastly_service_backend.go
@@ -104,8 +104,8 @@ func (h *BackendServiceAttributeHandler) GetSchema() *schema.Schema {
 		},
 		"port": {
 			Type:        schema.TypeInt,
+			Computed:    true,
 			Optional:    true,
-			Default:     80,
 			Description: "The port number on which the Backend responds. Default `80`",
 		},
 		"shield": {
@@ -122,8 +122,8 @@ func (h *BackendServiceAttributeHandler) GetSchema() *schema.Schema {
 		},
 		"ssl_cert_hostname": {
 			Type:        schema.TypeString,
+			Computed:    true,
 			Optional:    true,
-			Default:     "",
 			Description: "Configure certificate validation. Does not affect SNI at all",
 		},
 		"ssl_check_cert": {
@@ -154,8 +154,8 @@ func (h *BackendServiceAttributeHandler) GetSchema() *schema.Schema {
 		},
 		"ssl_sni_hostname": {
 			Type:        schema.TypeString,
+			Computed:    true,
 			Optional:    true,
-			Default:     "",
 			Description: "Configure SNI in the TLS handshake. Does not affect cert validation at all",
 		},
 		"use_ssl": {
@@ -278,7 +278,6 @@ func (h *BackendServiceAttributeHandler) buildCreateBackendInput(service string,
 		HealthCheck:         gofastly.String(resource["healthcheck"].(string)),
 		MaxConn:             gofastly.Int(resource["max_conn"].(int)),
 		Name:                gofastly.String(resource["name"].(string)),
-		Port:                gofastly.Int(resource["port"].(int)),
 		SSLCheckCert:        gofastly.CBool(resource["ssl_check_cert"].(bool)),
 		ServiceID:           service,
 		ServiceVersion:      latestVersion,
@@ -287,6 +286,19 @@ func (h *BackendServiceAttributeHandler) buildCreateBackendInput(service string,
 		Weight:              gofastly.Int(resource["weight"].(int)),
 	}
 
+	if resource["port"].(int) > 0 {
+		opts.Port = gofastly.Int(resource["port"].(int))
+	} else {
+		// If the user provides a value, then Terraform will set it (see above).
+		// If no value provided, and use_ssl is set, we default to port 443.
+		// Otherwise if use_ssl is not set we default to port 80.
+		if resource["use_ssl"].(bool) {
+			opts.Port = gofastly.Int(443)
+		} else {
+			opts.Port = gofastly.Int(80)
+		}
+	}
+
 	// WARNING: The following fields shouldn't have an empty string passed.
 	// As it will cause the Fastly API to return an error.
 	// This is because go-fastly v7+ will not 'omitempty' due to pointer type.
@@ -304,6 +316,12 @@ func (h *BackendServiceAttributeHandler) buildCreateBackendInput(service string,
 	}
 	if resource["ssl_cert_hostname"].(string) != "" {
 		opts.SSLCertHostname = gofastly.String(resource["ssl_cert_hostname"].(string))
+	} else {
+		if resource["use_ssl"].(bool) {
+			// If the user provides a value, then Terraform will set it (see above).
+			// If no value provided, and use_ssl is set, we default to 'address'.
+			opts.SSLCertHostname = gofastly.String(resource["address"].(string))
+		}
 	}
 	if resource["ssl_ciphers"].(string) != "" {
 		opts.SSLCiphers = gofastly.String(resource["ssl_ciphers"].(string))
@@ -316,6 +334,12 @@ func (h *BackendServiceAttributeHandler) buildCreateBackendInput(service string,
 	}
 	if resource["ssl_sni_hostname"].(string) != "" {
 		opts.SSLSNIHostname = gofastly.String(resource["ssl_sni_hostname"].(string))
+	} else {
+		if resource["use_ssl"].(bool) {
+			// If the user provides a value, then Terraform will set it (see above).
+			// If no value provided, and use_ssl is set, we default to 'address'.
+			opts.SSLSNIHostname = gofastly.String(resource["address"].(string))
+		}
 	}
 
 	if h.GetServiceMetadata().serviceType == ServiceTypeVCL {

Example

Here is an example backend definition:

  backend {
    address = "httpbin.org"
    name    = "httpbin"
    use_ssl = true
  }

This is what the plan looks like with the latest Terraform provider release:
Notice use_ssl is set to true and yet the port value is wrong (it's set to 80).

This is what the plan looks like using the diff change set above:
Notice use_ssl is set to true and now the port value (and ssl_cert_hostname and ssl_sni_hostname) are marked as being 'computed'.

This is the state file after applying the changes (using my diff change set from above):
Notice that port is correctly set to 443 because we set use_ssl to true.
Also notice that ssl_cert_hostname and ssl_sni_hostname are set to the same value as address.