Add Fastly SSL validation fields

builtin/providers/fastly/resource_fastly_service_v1.go

@@ -188,7 +188,19 @@ func resourceServiceV1() *schema.Resource {
 							Type:        schema.TypeString,
 							Optional:    true,
 							Default:     "",
-							Description: "SSL certificate hostname",
+							Description: "SSL certificate hostname (deprecated by Fastly)",
+						},
+						"ssl_cert_hostname": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Default:     "",
+							Description: "SSL certificate hostname for cert verification",
+						},
+						"ssl_sni_hostname": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Default:     "",
+							Description: "SSL certificate hostname for SNI verification",
 						},
 						// UseSSL is something we want to support in the future, but
 						// requires SSL setup we don't yet have
@@ -1011,6 +1023,8 @@ func resourceServiceV1Update(d *schema.ResourceData, meta interface{}) error {
 					AutoLoadbalance:     gofastly.CBool(df["auto_loadbalance"].(bool)),
 					SSLCheckCert:        gofastly.CBool(df["ssl_check_cert"].(bool)),
 					SSLHostname:         df["ssl_hostname"].(string),
+					SSLCertHostname:     df["ssl_cert_hostname"].(string),
+					SSLSNIHostname:      df["ssl_sni_hostname"].(string),
 					Shield:              df["shield"].(string),
 					Port:                uint(df["port"].(int)),
 					BetweenBytesTimeout: uint(df["between_bytes_timeout"].(int)),
@@ -1917,6 +1931,8 @@ func flattenBackends(backendList []*gofastly.Backend) []map[string]interface{} {
 			"shield":                b.Shield,
 			"ssl_check_cert":        gofastly.CBool(b.SSLCheckCert),
 			"ssl_hostname":          b.SSLHostname,
+			"ssl_cert_hostname":     b.SSLCertHostname,
+			"ssl_sni_hostname":      b.SSLSNIHostname,
 			"weight":                int(b.Weight),
 			"request_condition":     b.RequestCondition,
 		}

builtin/providers/fastly/resource_fastly_service_v1_test.go

@@ -73,6 +73,8 @@ func TestResourceFastlyFlattenBackend(t *testing.T) {
 					RequestCondition:    "",
 					SSLCheckCert:        true,
 					SSLHostname:         "",
+					SSLCertHostname:     "",
+					SSLSNIHostname:      "",
 					Shield:              "New York",
 					Weight:              uint(100),
 				},
@@ -91,6 +93,8 @@ func TestResourceFastlyFlattenBackend(t *testing.T) {
 					"request_condition":     "",
 					"ssl_check_cert":        gofastly.CBool(true),
 					"ssl_hostname":          "",
+					"ssl_cert_hostname":     "",
+					"ssl_sni_hostname":      "",
 					"shield":                "New York",
 					"weight":                100,
 				},

website/source/docs/providers/fastly/r/service_v1.html.markdown

@@ -180,7 +180,9 @@ Default `200`.
 * `port` - (Optional) The port number on which the Backend responds. Default `80`.
 * `request_condition` - (Optional, string) Name of already defined `condition`, which if met, will select this backend during a request.
 * `ssl_check_cert` - (Optional) Be strict about checking SSL certs. Default `true`.
-* `ssl_hostname` - (Optional) Used for both SNI during the TLS handshake and to validate the cert.
+* `ssl_hostname` - (Optional, deprecated by Fastly) Used for both SNI during the TLS handshake and to validate the cert.
+* `ssl_cert_hostname` - (Optional) Overrides ssl_hostname, but only for cert verification. Does not affect SNI at all.
+* `ssl_sni_hostname` - (Optional) Overrides ssl_hostname, but only for SNI in the handshake. Does not affect cert validation at all.
 * `shield` - (Optional) The POP of the shield designated to reduce inbound load.
 * `weight` - (Optional) The [portion of traffic](https://docs.fastly.com/guides/performance-tuning/load-balancing-configuration.html#how-weight-affects-load-balancing) to send to this Backend. Each Backend receives `weight / total` of the traffic. Default `100`.