package digitalocean
import (
"context"
"fmt"
"log"
"time"
"github.com/digitalocean/godo"
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
)
// resourceDigitalOceanCertificate describes the digitalocean_certificate
// resource: its CRUD callbacks, passthrough import and attribute schema.
// Every user-supplied attribute is ForceNew, so a change replaces the
// certificate instead of updating it in place.
func resourceDigitalOceanCertificate() *schema.Resource {
	// pemAttribute builds the schema shared by the three PEM-encoded inputs.
	// Only the private key is flagged Sensitive, which hides its value in
	// plan/apply output; Sensitive does not encrypt it in the state file, so
	// the state backend still has to be protected accordingly.
	pemAttribute := func(sensitive bool) *schema.Schema {
		return &schema.Schema{
			Type:         schema.TypeString,
			Optional:     true,
			Sensitive:    sensitive,
			ForceNew:     true,
			ValidateFunc: validation.NoZeroValues,
		}
	}

	// computedString is the schema for read-only attributes filled from the API.
	computedString := func() *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeString,
			Computed: true,
		}
	}

	attributes := map[string]*schema.Schema{
		"name": {
			Type:         schema.TypeString,
			Required:     true,
			ForceNew:     true,
			ValidateFunc: validation.NoZeroValues,
		},
		"private_key":       pemAttribute(true),
		"leaf_certificate":  pemAttribute(false),
		"certificate_chain": pemAttribute(false),
		"domains": {
			Type: schema.TypeSet,
			Elem: &schema.Schema{
				Type:         schema.TypeString,
				ValidateFunc: validation.NoZeroValues,
			},
			Optional:      true,
			ForceNew:      true,
			ConflictsWith: []string{"private_key", "leaf_certificate", "certificate_chain"},
			// The domains attribute is computed for custom certs and should be ignored in diffs.
			DiffSuppressFunc: func(_, _, _ string, d *schema.ResourceData) bool {
				return d.Get("type") == "custom"
			},
		},
		"type": {
			Type:     schema.TypeString,
			Optional: true,
			ForceNew: true,
			Default:  "custom",
			ValidateFunc: validation.StringInSlice([]string{
				"custom",
				"lets_encrypt",
			}, false),
		},
		"state":            computedString(),
		"not_after":        computedString(),
		"sha1_fingerprint": computedString(),
	}

	return &schema.Resource{
		Create: resourceDigitalOceanCertificateCreate,
		Read:   resourceDigitalOceanCertificateRead,
		Delete: resourceDigitalOceanCertificateDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},
		Schema: attributes,
	}
}
// buildCertificateRequest assembles the godo request body from the resource
// configuration. Only attributes the user actually set (GetOk) are copied,
// so the remaining request fields are sent as their zero value. The error
// result is always nil and exists only to keep the call signature.
func buildCertificateRequest(d *schema.ResourceData) (*godo.CertificateRequest, error) {
	req := &godo.CertificateRequest{
		Name: d.Get("name").(string),
		Type: d.Get("type").(string),
	}

	// Map each optional PEM attribute onto its request field; a field is
	// only written when the attribute is present in the configuration.
	pemFields := map[string]*string{
		"private_key":       &req.PrivateKey,
		"leaf_certificate":  &req.LeafCertificate,
		"certificate_chain": &req.CertificateChain,
	}
	for attr, field := range pemFields {
		if v, ok := d.GetOk(attr); ok {
			*field = v.(string)
		}
	}

	if v, ok := d.GetOk("domains"); ok {
		req.DNSNames = expandDigitalOceanCertificateDomains(v.(*schema.Set).List())
	}

	return req, nil
}
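// resourceDigitalOceanCertificateCreate validates the type-specific required
// inputs, submits the certificate to the API and blocks until it reports the
// "verified" state, then refreshes state through the Read callback.
//
// meta must be a *CombinedConfig. Returns an error when a required attribute
// for the chosen type is missing, when the API call fails, or when the
// certificate does not become verified within the create timeout.
func resourceDigitalOceanCertificateCreate(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*CombinedConfig).godoClient()

	certificateType := d.Get("type").(string)
	switch certificateType {
	case "custom":
		// A custom certificate is uploaded by the user, so both halves of the
		// key pair must be present; certificate_chain stays optional.
		if _, ok := d.GetOk("private_key"); !ok {
			return fmt.Errorf("`private_key` is required for when type is `custom` or empty")
		}
		if _, ok := d.GetOk("leaf_certificate"); !ok {
			return fmt.Errorf("`leaf_certificate` is required for when type is `custom` or empty")
		}
	case "lets_encrypt":
		// Let's Encrypt certificates are issued for the listed domains.
		if _, ok := d.GetOk("domains"); !ok {
			return fmt.Errorf("`domains` is required for when type is `lets_encrypt`")
		}
	}

	log.Printf("[INFO] Create a Certificate Request")

	certReq, err := buildCertificateRequest(d)
	if err != nil {
		return err
	}

	// Log a copy with the private key redacted: the attribute is marked
	// Sensitive in the schema, and a %#v dump of the full request would
	// otherwise write the key material into TF_LOG=DEBUG output.
	logReq := *certReq
	if logReq.PrivateKey != "" {
		logReq.PrivateKey = "[redacted]"
	}
	log.Printf("[DEBUG] Certificate Create: %#v", &logReq)

	cert, _, err := client.Certificates.Create(context.Background(), certReq)
	if err != nil {
		return fmt.Errorf("Error creating Certificate: %s", err)
	}

	d.SetId(cert.ID)

	log.Printf("[INFO] Waiting for certificate (%s) to have state 'verified'", cert.ID)
	stateConf := &resource.StateChangeConf{
		Pending:    []string{"pending"},
		Target:     []string{"verified"},
		Refresh:    newCertificateStateRefreshFunc(d, meta),
		Timeout:    d.Timeout(schema.TimeoutCreate),
		Delay:      10 * time.Second,
		MinTimeout: 3 * time.Second,
	}

	if _, err := stateConf.WaitForState(); err != nil {
		return fmt.Errorf("Error waiting for certificate (%s) to become active: %s", d.Get("name"), err)
	}

	return resourceDigitalOceanCertificateRead(d, meta)
}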
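// resourceDigitalOceanCertificateRead refreshes the resource from the API.
// A 404 means the certificate was removed out of band: the ID is cleared so
// Terraform plans a re-creation instead of failing. meta must be a
// *CombinedConfig. Returns an error for any other API failure or when an
// attribute cannot be written to state.
func resourceDigitalOceanCertificateRead(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*CombinedConfig).godoClient()

	log.Printf("[INFO] Reading the details of the Certificate %s", d.Id())
	cert, resp, err := client.Certificates.Get(context.Background(), d.Id())
	if err != nil {
		// check if the certificate no longer exists.
		if resp != nil && resp.StatusCode == 404 {
			log.Printf("[WARN] DigitalOcean Certificate (%s) not found", d.Id())
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error retrieving Certificate: %s", err)
	}

	// Every Set is checked (not only "domains") so a schema/type mismatch
	// surfaces instead of silently leaving state stale.
	attributes := []struct {
		key   string
		value interface{}
	}{
		{"name", cert.Name},
		{"type", cert.Type},
		{"state", cert.State},
		{"not_after", cert.NotAfter},
		{"sha1_fingerprint", cert.SHA1Fingerprint},
		{"domains", flattenDigitalOceanCertificateDomains(cert.DNSNames)},
	}
	for _, attr := range attributes {
		if err := d.Set(attr.key, attr.value); err != nil {
			return fmt.Errorf("Error setting `%s`: %+v", attr.key, err)
		}
	}

	return nil
}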
// resourceDigitalOceanCertificateDelete removes the certificate identified by
// the resource ID. meta must be a *CombinedConfig. The API response is not
// inspected; any error from the call is wrapped and returned.
func resourceDigitalOceanCertificateDelete(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*CombinedConfig).godoClient()
	id := d.Id()

	log.Printf("[INFO] Deleting Certificate: %s", id)
	if _, err := client.Certificates.Delete(context.Background(), id); err != nil {
		return fmt.Errorf("Error deleting Certificate: %s", err)
	}

	return nil
}
// expandDigitalOceanCertificateDomains converts the []interface{} produced by
// a schema.Set's List() into a []string of the same length and order. Each
// element must hold a string; the type assertion panics otherwise.
func expandDigitalOceanCertificateDomains(domains []interface{}) []string {
	out := make([]string, 0, len(domains))
	for _, raw := range domains {
		out = append(out, raw.(string))
	}
	return out
}
// flattenDigitalOceanCertificateDomains turns the API's DNS name list into a
// string schema.Set for the "domains" attribute. A nil input yields a nil
// set; empty strings are dropped rather than stored as members.
func flattenDigitalOceanCertificateDomains(domains []string) *schema.Set {
	if domains == nil {
		return nil
	}

	var members []interface{}
	for _, name := range domains {
		if name == "" {
			continue
		}
		members = append(members, name)
	}

	return schema.NewSet(schema.HashString, members)
}
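// newCertificateStateRefreshFunc returns a StateRefreshFunc that polls the
// certificate identified by d.Id() and reports its current State string,
// which the caller's StateChangeConf compares against its Pending/Target
// values. meta must be a *CombinedConfig; the client is resolved once here
// rather than on every poll.
func newCertificateStateRefreshFunc(d *schema.ResourceData, meta interface{}) resource.StateRefreshFunc {
	client := meta.(*CombinedConfig).godoClient()
	return func() (interface{}, string, error) {
		// Retrieve the certificate properties
		cert, _, err := client.Certificates.Get(context.Background(), d.Id())
		if err != nil {
			// Message corrected: the original read "certifica".
			return nil, "", fmt.Errorf("Error retrieving certificate: %s", err)
		}

		return cert, cert.State, nil
	}
}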