Update schema

Also update cert handling.

digitalocean/loadbalancer/datasource_loadbalancer.go

@@ -250,87 +250,75 @@ func DataSourceDigitalOceanLoadbalancer() *schema.Resource {
 			},
 			"type": {
 				Type:        schema.TypeString,
-				Optional:    true,
 				Computed:    true,
 				Description: "the type of the load balancer (GLOBAL or REGIONAL)",
 			},
 			"domains": {
 				Type:        schema.TypeSet,
-				Optional:    true,
 				Computed:    true,
-				MinItems:    1,
 				Description: "the list of domains required to ingress traffic to global load balancer",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"name": {
-							Type:         schema.TypeString,
-							Required:     true,
-							ValidateFunc: validation.NoZeroValues,
-							Description:  "domain name",
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "domain name",
 						},
 						"is_managed": {
 							Type:        schema.TypeBool,
-							Optional:    true,
-							Default:     false,
+							Computed:    true,
 							Description: "flag indicating if domain is managed by DigitalOcean",
 						},
 						"certificate_id": {
-							Type:         schema.TypeString,
-							Optional:     true,
-							ValidateFunc: validation.NoZeroValues,
-							Description:  "certificate ID for TLS handshaking",
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "certificate ID for TLS handshaking",
+						},
+						"certificate_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "name of certificate required for TLS handshaking",
 						},
 						"verification_error_reasons": {
 							Type:        schema.TypeList,
 							Computed:    true,
 							Elem:        &schema.Schema{Type: schema.TypeString},
-							Optional:    true,
 							Description: "list of domain verification errors",
 						},
 						"ssl_validation_error_reasons": {
 							Type:        schema.TypeList,
 							Computed:    true,
 							Elem:        &schema.Schema{Type: schema.TypeString},
-							Optional:    true,
 							Description: "list of domain SSL validation errors",
 						},
 					},
 				},
 			},
 			"glb_settings": {
 				Type:        schema.TypeList,
-				Optional:    true,
 				Computed:    true,
-				MaxItems:    1,
 				Description: "configuration options for global load balancer",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"target_protocol": {
-							Type:     schema.TypeString,
-							Required: true,
-							ValidateFunc: validation.StringInSlice([]string{
-								"http",
-								"https",
-							}, false),
+							Type:        schema.TypeString,
+							Computed:    true,
 							Description: "target protocol rules",
 						},
 						"target_port": {
-							Type:         schema.TypeInt,
-							Required:     true,
-							ValidateFunc: validation.IntInSlice([]int{80, 443}),
-							Description:  "target port rules",
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "target port rules",
 						},
 						"cdn": {
 							Type:        schema.TypeList,
-							Optional:    true,
-							MaxItems:    1,
+							Computed:    true,
 							Description: "CDN specific configurations",
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"is_enabled": {
 										Type:        schema.TypeBool,
-										Optional:    true,
-										Default:     false,
+										Computed:    true,
 										Description: "cache enable flag",
 									},
 								},
@@ -342,7 +330,6 @@ func DataSourceDigitalOceanLoadbalancer() *schema.Resource {
 			"target_load_balancer_ids": {
 				Type:        schema.TypeSet,
 				Elem:        &schema.Schema{Type: schema.TypeString},
-				Optional:    true,
 				Computed:    true,
 				Description: "list of load balancer IDs to put behind a global load balancer",
 			},
@@ -451,7 +438,7 @@ func dataSourceDigitalOceanLoadbalancerRead(ctx context.Context, d *schema.Resou
 		return diag.Errorf("[DEBUG] Error setting Load Balancer firewall - error: %#v", err)
 	}
 
-	domains, err := flattenDomains(foundLoadbalancer.Domains)
+	domains, err := flattenDomains(client, foundLoadbalancer.Domains)
 	if err != nil {
 		return diag.Errorf("[DEBUG] Error building Load Balancer domains - error: %#v", err)
 	}

digitalocean/loadbalancer/loadbalancer.go

@@ -257,7 +257,7 @@ func flattenForwardingRules(client *godo.Client, rules []godo.ForwardingRule) ([
 	return result, nil
 }
 
-func expandDomains(config []interface{}) ([]*godo.LBDomain, error) {
+func expandDomains(client *godo.Client, config []interface{}) ([]*godo.LBDomain, error) {
 	domains := make([]*godo.LBDomain, 0, len(config))
 
 	for _, rawDomain := range config {
@@ -268,10 +268,16 @@ func expandDomains(config []interface{}) ([]*godo.LBDomain, error) {
 			r.IsManaged = v.(bool)
 		}
 
-		if v, ok := domain["certificate_id"]; ok {
-			r.CertificateID = v.(string)
+		if v, ok := domain["certificate_name"]; ok {
+			certName := v.(string)
+			if certName != "" {
+				cert, err := certificate.FindCertificateByName(client, certName)
+				if err != nil {
+					return nil, err
+				}
+				r.CertificateID = cert.ID
+			}
 		}
-
 		domains = append(domains, r)
 	}
 
@@ -297,7 +303,7 @@ func expandGLBSettings(config []interface{}) *godo.GLBSettings {
 	return glbSettings
 }
 
-func flattenDomains(domains []*godo.LBDomain) ([]map[string]interface{}, error) {
+func flattenDomains(client *godo.Client, domains []*godo.LBDomain) ([]map[string]interface{}, error) {
 	if len(domains) == 0 {
 		return nil, nil
 	}
@@ -312,9 +318,19 @@ func flattenDomains(domains []*godo.LBDomain) ([]map[string]interface{}, error)
 		r["verification_error_reasons"] = (*domain).VerificationErrorReasons
 		r["ssl_validation_error_reasons"] = (*domain).SSLValidationErrorReasons
 
+		if domain.CertificateID != "" {
+			// When the certificate type is lets_encrypt, the certificate
+			// ID will change when it's renewed, so we have to rely on the
+			// certificate name as the primary identifier instead.
+			cert, _, err := client.Certificates.Get(context.Background(), domain.CertificateID)
+			if err != nil {
+				return nil, err
+			}
+			r["certificate_id"] = cert.Name
+			r["certificate_name"] = cert.Name
+		}
 		result = append(result, r)
 	}
-
 	return result, nil
 }
 

digitalocean/loadbalancer/resource_loadbalancer.go

@@ -462,24 +462,23 @@ func resourceDigitalOceanLoadBalancerV0() *schema.Resource {
 							Default:     false,
 							Description: "flag indicating if domain is managed by DigitalOcean",
 						},
-						"certificate_id": {
+						"certificate_name": {
 							Type:         schema.TypeString,
 							Optional:     true,
+							Computed:     true,
 							ValidateFunc: validation.NoZeroValues,
-							Description:  "certificate ID for TLS handshaking",
+							Description:  "name of certificate required for TLS handshaking",
 						},
 						"verification_error_reasons": {
 							Type:        schema.TypeList,
 							Computed:    true,
 							Elem:        &schema.Schema{Type: schema.TypeString},
-							Optional:    true,
 							Description: "list of domain verification errors",
 						},
 						"ssl_validation_error_reasons": {
 							Type:        schema.TypeList,
 							Computed:    true,
 							Elem:        &schema.Schema{Type: schema.TypeString},
-							Optional:    true,
 							Description: "list of domain SSL validation errors",
 						},
 					},
@@ -632,7 +631,7 @@ func buildLoadBalancerRequest(client *godo.Client, d *schema.ResourceData) (*god
 	}
 
 	if v, ok := d.GetOk("domains"); ok {
-		domains, err := expandDomains(v.(*schema.Set).List())
+		domains, err := expandDomains(client, v.(*schema.Set).List())
 		if err != nil {
 			return nil, err
 		}