Suppress diff for dns names on custom certificate resources (Fixes: #146).
This commit is contained in:
parent
ed480866a9
commit
bc91bcb4f6
|
@ -60,6 +60,9 @@ func resourceDigitalOceanCertificate() *schema.Resource {
|
||||||
Optional: true,
|
Optional: true,
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
ConflictsWith: []string{"private_key", "leaf_certificate", "certificate_chain"},
|
ConflictsWith: []string{"private_key", "leaf_certificate", "certificate_chain"},
|
||||||
|
DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
|
||||||
|
return d.Get("type") == "custom"
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
"type": {
|
"type": {
|
||||||
|
|
|
@ -1,10 +1,18 @@
|
||||||
package digitalocean
|
package digitalocean
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
|
crand "crypto/rand"
|
||||||
|
"crypto/rsa"
|
||||||
|
"crypto/x509"
|
||||||
|
"crypto/x509/pkix"
|
||||||
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"math/big"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/digitalocean/godo"
|
"github.com/digitalocean/godo"
|
||||||
"github.com/hashicorp/terraform/helper/acctest"
|
"github.com/hashicorp/terraform/helper/acctest"
|
||||||
|
@ -90,11 +98,11 @@ func testAccCheckDigitalOceanCertificateExists(n string, cert *godo.Certificate)
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateTestCertMaterial(t *testing.T) (string, string, string) {
|
func generateTestCertMaterial(t *testing.T) (string, string, string) {
|
||||||
leafCertMaterial, privateKeyMaterial, err := acctest.RandTLSCert("Acme Co")
|
leafCertMaterial, privateKeyMaterial, err := randTLSCert("Acme Co", "example.com")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Cannot generate test TLS certificate: %s", err)
|
t.Fatalf("Cannot generate test TLS certificate: %s", err)
|
||||||
}
|
}
|
||||||
rootCertMaterial, _, err := acctest.RandTLSCert("Acme Go")
|
rootCertMaterial, _, err := randTLSCert("Acme Go", "example.com")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Cannot generate test TLS certificate: %s", err)
|
t.Fatalf("Cannot generate test TLS certificate: %s", err)
|
||||||
}
|
}
|
||||||
|
@ -103,6 +111,63 @@ func generateTestCertMaterial(t *testing.T) (string, string, string) {
|
||||||
return privateKeyMaterial, leafCertMaterial, certChainMaterial
|
return privateKeyMaterial, leafCertMaterial, certChainMaterial
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Based on Terraform's acctest.RandTLSCert, but allows for passing DNS name.
|
||||||
|
func randTLSCert(orgName string, dnsName string) (string, string, error) {
|
||||||
|
template := &x509.Certificate{
|
||||||
|
SerialNumber: big.NewInt(int64(acctest.RandInt())),
|
||||||
|
Subject: pkix.Name{
|
||||||
|
Organization: []string{orgName},
|
||||||
|
},
|
||||||
|
NotBefore: time.Now(),
|
||||||
|
NotAfter: time.Now().Add(24 * time.Hour),
|
||||||
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
||||||
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||||
|
BasicConstraintsValid: true,
|
||||||
|
DNSNames: []string{dnsName},
|
||||||
|
}
|
||||||
|
|
||||||
|
privateKey, privateKeyPEM, err := genPrivateKey()
|
||||||
|
if err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
cert, err := x509.CreateCertificate(crand.Reader, template, template, &privateKey.PublicKey, privateKey)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
certPEM, err := pemEncode(cert, "CERTIFICATE")
|
||||||
|
if err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return certPEM, privateKeyPEM, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func genPrivateKey() (*rsa.PrivateKey, string, error) {
|
||||||
|
privateKey, err := rsa.GenerateKey(crand.Reader, 1024)
|
||||||
|
if err != nil {
|
||||||
|
return nil, "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
privateKeyPEM, err := pemEncode(x509.MarshalPKCS1PrivateKey(privateKey), "RSA PRIVATE KEY")
|
||||||
|
if err != nil {
|
||||||
|
return nil, "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return privateKey, privateKeyPEM, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func pemEncode(b []byte, block string) (string, error) {
|
||||||
|
var buf bytes.Buffer
|
||||||
|
pb := &pem.Block{Type: block, Bytes: b}
|
||||||
|
if err := pem.Encode(&buf, pb); err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return buf.String(), nil
|
||||||
|
}
|
||||||
|
|
||||||
func testAccCheckDigitalOceanCertificateConfig_basic(rInt int, privateKeyMaterial, leafCert, certChain string) string {
|
func testAccCheckDigitalOceanCertificateConfig_basic(rInt int, privateKeyMaterial, leafCert, certChain string) string {
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
resource "digitalocean_certificate" "foobar" {
|
resource "digitalocean_certificate" "foobar" {
|
||||||
|
|
Loading…
Reference in New Issue