128 lines
3.3 KiB
Go
128 lines
3.3 KiB
Go
package digitalocean
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/digitalocean/godo"
|
|
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
|
|
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
|
|
)
|
|
|
|
func dataSourceDigitalOceanCertificate() *schema.Resource {
|
|
return &schema.Resource{
|
|
Read: dataSourceDigitalOceanCertificateRead,
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
"name": {
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
Description: "name of the certificate",
|
|
ValidateFunc: validation.NoZeroValues,
|
|
},
|
|
// computed attributes
|
|
|
|
// When the certificate type is lets_encrypt, the certificate
|
|
// ID will change when it's renewed, so we have to rely on the
|
|
// certificate name as the primary identifier instead.
|
|
// We include the UUID as another computed field for use in the
|
|
// short-term refresh function that waits for it to be ready.
|
|
"uuid": {
|
|
Type: schema.TypeString,
|
|
Computed: true,
|
|
Description: "uuid of the certificate",
|
|
},
|
|
"type": {
|
|
Type: schema.TypeString,
|
|
Computed: true,
|
|
Description: "type of the certificate",
|
|
},
|
|
"state": {
|
|
Type: schema.TypeString,
|
|
Computed: true,
|
|
Description: "current state of the certificate",
|
|
},
|
|
"domains": {
|
|
Type: schema.TypeSet,
|
|
Computed: true,
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
Description: "domains for which the certificate was issued",
|
|
},
|
|
"not_after": {
|
|
Type: schema.TypeString,
|
|
Computed: true,
|
|
Description: "expiration date and time of the certificate",
|
|
},
|
|
"sha1_fingerprint": {
|
|
Type: schema.TypeString,
|
|
Computed: true,
|
|
Description: "SHA1 fingerprint of the certificate",
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func dataSourceDigitalOceanCertificateRead(d *schema.ResourceData, meta interface{}) error {
|
|
client := meta.(*CombinedConfig).godoClient()
|
|
|
|
// When the certificate type is lets_encrypt, the certificate
|
|
// ID will change when it's renewed, so we have to rely on the
|
|
// certificate name as the primary identifier instead.
|
|
name := d.Get("name").(string)
|
|
cert, err := findCertificateByName(client, name)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
d.SetId(cert.Name)
|
|
d.Set("name", cert.Name)
|
|
d.Set("uuid", cert.ID)
|
|
d.Set("type", cert.Type)
|
|
d.Set("state", cert.State)
|
|
d.Set("not_after", cert.NotAfter)
|
|
d.Set("sha1_fingerprint", cert.SHA1Fingerprint)
|
|
|
|
if err := d.Set("domains", flattenDigitalOceanCertificateDomains(cert.DNSNames)); err != nil {
|
|
return fmt.Errorf("Error setting `domain`: %+v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func findCertificateByName(client *godo.Client, name string) (*godo.Certificate, error) {
|
|
opts := &godo.ListOptions{
|
|
Page: 1,
|
|
PerPage: 200,
|
|
}
|
|
|
|
for {
|
|
certs, resp, err := client.Certificates.List(context.Background(), opts)
|
|
if resp != nil && resp.StatusCode == http.StatusNotFound {
|
|
return nil, nil
|
|
}
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error retrieving certificates: %s", err)
|
|
}
|
|
|
|
for _, cert := range certs {
|
|
if cert.Name == name {
|
|
return &cert, nil
|
|
}
|
|
}
|
|
|
|
if resp.Links == nil || resp.Links.IsLastPage() {
|
|
break
|
|
}
|
|
|
|
page, err := resp.Links.CurrentPage()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error retrieving certificates: %s", err)
|
|
}
|
|
|
|
opts.Page = page + 1
|
|
}
|
|
|
|
return nil, fmt.Errorf("Certificate %s not found", name)
|
|
}
|