GIN-341: add teams certificates to Gateway and Gateway account configuration #3547
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
changelog detected ✅ |
alyssamw
force-pushed
the
master
branch
6 times, most recently
from
9db634c
to
c54b045
Compare
jacobbednarz
reviewed
Aug 9, 2024
internal/sdkv2provider/provider.go
Outdated
| @@ -263,6 +263,7 @@ func New(version string) func() *schema.Provider { | |||
| "cloudflare_static_route": resourceCloudflareStaticRoute(), | |||
| "cloudflare_bot_management": resourceCloudflareBotManagement(), | |||
| "cloudflare_teams_account": resourceCloudflareTeamsAccount(), | |||
| "cloudflare_teams_certificate": resourceCloudflareTeamsCertificate(), | |||
There was a problem hiding this comment.
best have a chat with kenny on this one to get the naming right. we've just done a mass transition migration to get these better named and make more sense in the current landscape.
There was a problem hiding this comment.
I forgot about the rename, teams_ is replaced with zero_trust. I'll see if cloudflare_zero_trust_gateway_certificate is kosher with Kenny and Ankur
There was a problem hiding this comment.
Hi Jacob, James and Ankur have approved in the ticket, let me know if you have any other blockers on this PR.
alyssamw
force-pushed
the
master
branch
2 times, most recently
from
14f7dd7
to
7af5eee
Compare
| d.Set("enabled", Certificate.Enabled) | ||
| d.Set("binding_status", Certificate.BindingStatus) | ||
| d.Set("qs_pack_id", Certificate.QsPackId) | ||
| d.Set("type", Certificate.Type) |
There was a problem hiding this comment.
this is erroring as the field doesn't exist; should it be in the schema? i'm not seeing anything related to it.
=== RUN TestAccCloudflareTeamsCertificate_Basic
panic: Invalid address to set: []string{"type"}
goroutine 182 [running]:
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*ResourceData).Set(0x14000d8a280, {0x10310a57d, 0x4}, {0x1034eaf80, 0x104362d00})
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource_data.go:233 +0x24c
github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider.resourceCloudflareTeamsCertificateRead({0x103776ab0, 0x14000bdf490}, 0x14000d8a280, {0x103756380?, 0x14000451080})
/Users/jacob/src/github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider/resource_cloudflare_teams_certificates.go:108 +0x51c
github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider.resourceCloudflareTeamsCertificateCreate({0x103776ab0, 0x14000bdf490}, 0x14000d8a280, {0x103756380, 0x14000451080})
/Users/jacob/src/github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider/resource_cloudflare_teams_certificates.go:62 +0x500
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x14000866ee0, {0x103776a08, 0x14000b6fbf0}, 0x14000d8a280, {0x103756380, 0x14000451080})
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:806 +0xe4
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x14000866ee0, {0x103776a08, 0x14000b6fbf0}, 0x14000b56680, 0x14000d8a100, {0x103756380, 0x14000451080})
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:937 +0x884
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14000704210, {0x103776a08?, 0x14000b6fb60?}, 0x14000bfc000)
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/grpc_provider.go:1153 +0xaa4
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x14000dae500, {0x103776a08?, 0x14000b6f170?}, 0x14000bdee70)
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/tf5server/server.go:865 +0x2b4
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x10371aca0, 0x14000dae500}, {0x103776a08, 0x14000b6f170}, 0x14000bc1780, 0x0)
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:518 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x14000435600, {0x103776a08, 0x14000b6f0e0}, {0x10377c940, 0x14000e0fb00}, 0x14000b50900, 0x140008084b0, 0x1042e35f8, 0x0)
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1369 +0xb58
google.golang.org/grpc.(*Server).handleStream(0x14000435600, {0x10377c940, 0x14000e0fb00}, 0x14000b50900)
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1780 +0xb20
google.golang.org/grpc.(*Server).serveStreams.func2.1()
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1019 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 181
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1030 +0x13c
FAIL github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider 2.298s
FAIL
make: *** [testacc] Error 1
There was a problem hiding this comment.
Thanks for catching, changed to assign to the gateway_managed / custom fields accordingly
| d.Set("binding_status", Certificate.BindingStatus) | ||
| d.Set("qs_pack_id", Certificate.QsPackId) | ||
| d.Set("type", Certificate.Type) | ||
| d.Set("uploaded_on", Certificate.UploadedOn.Format(time.RFC3339Nano)) |
There was a problem hiding this comment.
similar issue with these timestamps; they are all throwing nil pointer dereferences.
TF_ACC=1 go test ./internal/sdkv2provider -v -run "^TestAccCloudflareTeamsCertificate_" -count 1 -timeout 120m -parallel 1
=== RUN TestAccCloudflareTeamsCertificate_Basic
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x101757524]
goroutine 152 [running]:
github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider.resourceCloudflareTeamsCertificateRead({0x1020d2ab0, 0x140007d72d0}, 0x140007dce00, {0x1020b2380?, 0x14000b1e000})
/Users/jacob/src/github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider/resource_cloudflare_teams_certificates.go:110 +0x4f4
github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider.resourceCloudflareTeamsCertificateCreate({0x1020d2ab0, 0x140007d72d0}, 0x140007dce00, {0x1020b2380, 0x14000b1e000})
/Users/jacob/src/github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider/resource_cloudflare_teams_certificates.go:62 +0x500
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x140009d87e0, {0x1020d2a08, 0x140006d1050}, 0x140007dce00, {0x1020b2380, 0x14000b1e000})
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:806 +0xe4
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x140009d87e0, {0x1020d2a08, 0x140006d1050}, 0x14000fd6410, 0x140007dcc80, {0x1020b2380, 0x14000b1e000})
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/resource.go:937 +0x884
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14000990138, {0x1020d2a08?, 0x140006d0fc0?}, 0x14000a809b0)
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/v2@v2.34.0/helper/schema/grpc_provider.go:1153 +0xaa4
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x14000f9a8c0, {0x1020d2a08?, 0x140006d0450?}, 0x140007d6000)
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/tf5server/server.go:865 +0x2b4
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x102076ca0, 0x14000f9a8c0}, {0x1020d2a08, 0x140006d0450}, 0x140007dc000, 0x0)
/Users/jacob/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:518 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x14000acf600, {0x1020d2a08, 0x140006d03c0}, {0x1020d8940, 0x14000ae5c80}, 0x14000b42480, 0x1400090d620, 0x102c3f5f8, 0x0)
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1369 +0xb58
google.golang.org/grpc.(*Server).handleStream(0x14000acf600, {0x1020d8940, 0x14000ae5c80}, 0x14000b42480)
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1780 +0xb20
google.golang.org/grpc.(*Server).serveStreams.func2.1()
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1019 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 162
/Users/jacob/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1030 +0x13c
FAIL github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider 1.721s
FAIL
make: *** [testacc] Error 1
are you able to run the acceptance tests locally and get these passing?
There was a problem hiding this comment.
Am now getting
provider_test.go:82: [{0 You've attempted to add a new resource to the `terraform-plugin-sdkv2`
which is no longer considered suitable for use. Due the number of known internal issues with
`terraform-plugin-sdkv2` (most notably handling of zero values), we are no longer recommending using it
and instead, advise using `terraform-plugin-framework` exclusively. If you must use terraform-plugin-sdkv2
for this new resource you should first discuss it with a maintainer to fully understand the impact and
potential ramifications. Only then should you bump MAXIMUM_ALLOWED_SDKV2_RESOURCES to include
your resource. []}]
Does this mean I should add the resource to /internal/framework/service, and not allow users of older TF versions to interact with certificates?
There was a problem hiding this comment.
initially, this should have been added as a framework based resource however, let's leave this one as is seeing how it's already got to this point. it doesn't restrict end users on what resources they can use; only which internals it relies on.
There was a problem hiding this comment.
even after bumping the number (which you can do here too), there is still an acceptance test failure.
TF_ACC=1 go test ./internal/sdkv2provider -v -run "^TestAccCloudflareTeamsCertificate_" -count 1 -timeout 120m -parallel 1
=== RUN TestAccCloudflareTeamsCertificate_Basic
resource_cloudflare_teams_certificate_test.go:26: Step 1/2 error: Error running apply: exit status 1
Error: error reading Teams Certificate type "": %!w(<nil>)
with cloudflare_zero_trust_gateway_certificate.xzcchpxrwj,
on terraform_plugin_test.tf line 12, in resource "cloudflare_zero_trust_gateway_certificate" "xzcchpxrwj":
12: resource "cloudflare_zero_trust_gateway_certificate" "xzcchpxrwj" {
--- FAIL: TestAccCloudflareTeamsCertificate_Basic (1.11s)
FAIL
FAIL github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider 2.069s
FAIL
make: *** [testacc] Error 1
There was a problem hiding this comment.
My bad, there's a bug on my api. Will reopen this PR when ready
alyssamw
force-pushed
the
master
branch
2 times, most recently
from
3f135d8
to
ed73810
Compare
jacobbednarz
reviewed
Sep 4, 2024
|
acceptance tests all passing |
|
This functionality has been released in v4.42.0 of the Terraform Cloudflare Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds support for Zero Trust certificates in Gateway and Gateway account configuration. The custom /activate api path is treated as a terraform field within the Teams certificate resource.
Relies on merged cloudflare-go change cloudflare/cloudflare-go#2754