From 47383ef04436894b7d9964929fab5e5da2d8c657 Mon Sep 17 00:00:00 2001
From: Andrei Lukyanchyk <125263040+andrei-lukyanchyk@users.noreply.github.com>
Date: Thu, 2 Jan 2025 10:20:55 +0100
Subject: [PATCH] CDI-914: add use_dns01_le_challenge option (#163)
---
docs/resources/cdn_resource.md | 13 +++++++++++++
gcore/resource_gcore_cdn_options.go | 19 +++++++++++++++++++
gcore/resource_gcore_cdn_resource.go | 10 ++++++++++
3 files changed, 42 insertions(+)
diff --git a/docs/resources/cdn_resource.md b/docs/resources/cdn_resource.md
index c6b1844..77a043d 100644
--- a/docs/resources/cdn_resource.md
+++ b/docs/resources/cdn_resource.md
@@ -153,6 +153,7 @@ Optional:
- `static_response_headers` (Block List, Max: 1) Specify custom HTTP Headers that a CDN server adds to a response. (see [below for nested schema](#nestedblock--options--static_response_headers))
- `tls_versions` (Block List, Max: 1) The option specifies a list of allowed SSL/TLS protocol versions. The list cannot be empty. By default, the option is disabled (all protocols versions are allowed). (see [below for nested schema](#nestedblock--options--tls_versions))
- `use_default_le_chain` (Block List, Max: 1) The option allows choosing a Let's Encrypt certificate chain. The specified chain will be used during the next Let's Encrypt certificate issue or renewal. (see [below for nested schema](#nestedblock--options--use_default_le_chain))
+- `use_dns01_le_challenge` (Block List, Max: 1) The option allows to enable DNS-01 challenge to issue a Let's Encrypt certificate for the resource. DNS service should be activated to enable this option. (see [below for nested schema](#nestedblock--options--use_dns01_le_challenge))
- `use_rsa_le_cert` (Block List, Max: 1) The option allows choosing the RSA Let's Encrypt certificate type for the resource. (see [below for nested schema](#nestedblock--options--use_rsa_le_cert))
- `user_agent_acl` (Block List, Max: 1) User agents policy option allows to control access to the content for specified user-agent. (see [below for nested schema](#nestedblock--options--user_agent_acl))
- `waap` (Block List, Max: 1) Option allows to enable WAAP (Web Application and API Protection). (see [below for nested schema](#nestedblock--options--waap))
@@ -675,6 +676,18 @@ Optional:
- `enabled` (Boolean)
+
+### Nested Schema for `options.use_dns01_le_challenge`
+
+Required:
+
+- `value` (Boolean)
+
+Optional:
+
+- `enabled` (Boolean)
+
+
### Nested Schema for `options.use_rsa_le_cert`
diff --git a/gcore/resource_gcore_cdn_options.go b/gcore/resource_gcore_cdn_options.go
index f8574ab..6d37709 100644
--- a/gcore/resource_gcore_cdn_options.go
+++ b/gcore/resource_gcore_cdn_options.go
@@ -1049,6 +1049,25 @@ var (
},
},
},
+ "use_dns01_le_challenge": {
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Optional: true,
+ Description: "The option allows to enable DNS-01 challenge to issue a Let's Encrypt certificate for the resource. DNS service should be activated to enable this option.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ },
+ "value": {
+ Type: schema.TypeBool,
+ Required: true,
+ },
+ },
+ },
+ },
"use_rsa_le_cert": {
Type: schema.TypeList,
MaxItems: 1,
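Review bot: The nested `enabled` and `value` fields of `use_dns01_le_challenge` have no `Description`, so the generated docs list two bare booleans and do not say which one switches certificate issuance to DNS-01. Because this option changes how domain control is proven to Let's Encrypt, I would add `Description: "Set to true to issue the Let's Encrypt certificate using the DNS-01 challenge."` on `value`. I would also add a line on `enabled` stating what happens when it is false; presumably the option is then not applied, but that should be confirmed against the API. The requirement that the DNS service be activated appears only in the description text and nothing in this hunk checks it, so a misconfiguration will presumably surface only at apply time. The enclosing `var (` block starts and ends outside the hunk.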
diff --git a/gcore/resource_gcore_cdn_resource.go b/gcore/resource_gcore_cdn_resource.go
index bf4c26d..c42a380 100644
--- a/gcore/resource_gcore_cdn_resource.go
+++ b/gcore/resource_gcore_cdn_resource.go
@@ -591,6 +591,12 @@ func listToOptions(l []interface{}) *gcdn.Options {
Value: opt["value"].(bool),
}
}
+ if opt, ok := getOptByName(fields, "use_dns01_le_challenge"); ok {
+ opts.UseDNS01LEChallenge = &gcdn.UseDNS01LEChallenge{
+ Enabled: opt["enabled"].(bool),
+ Value: opt["value"].(bool),
+ }
+ }
if opt, ok := getOptByName(fields, "user_agent_acl"); ok {
opts.UserAgentACL = &gcdn.UserAgentACL{
Enabled: opt["enabled"].(bool),
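Review bot: Nothing in this commit exercises the new mapping: the diffstat lists only the docs file and the two resource files, so the round-trip through `listToOptions` here and `optionsToList` (the hunk at -820) is untested. The read side relies on `structToMap` emitting exactly the keys `enabled` and `value` for `gcdn.UseDNS01LEChallenge`, which is not visible here. A mismatch would likely show up as a diff on every plan rather than as an error. A table-driven case that feeds a `use_dns01_le_challenge` block through both functions and compares the result would cover it. Both function bodies continue outside their hunks.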
@@ -820,6 +826,10 @@ func optionsToList(options *gcdn.Options) []interface{} {
m := structToMap(options.UseDefaultLEChain)
result["use_default_le_chain"] = []interface{}{m}
}
+ if options.UseDNS01LEChallenge != nil {
+ m := structToMap(options.UseDNS01LEChallenge)
+ result["use_dns01_le_challenge"] = []interface{}{m}
+ }
if options.UserAgentACL != nil {
m := structToMap(options.UserAgentACL)
result["user_agent_acl"] = []interface{}{m}