Resources for Custom TLS and Platform TLS products (#364)

* TLS Custom Private Key Resource

* TLS Configuration Data Source

* TLS Custom Certificate Resource

* TLS Custom Private Key Data Source

* TLS Custom Certificate Data Source

Also add sweepers for TLS certificates and private keys to easily clean up resources leaked during any failed tests.

* TLS Activation Resource

* TLS Activation Data Source

* TLS Private Key IDs Data Source

* TLS Custom Certificate IDs Data Source

* TLS Configuration IDs Data Source

* TLS Activation IDs Data Source

* Change test names to use underscore

Terraform testing style guide seems to suggest camel case is used for
the main test name then an underscore separates different variations of
it.

* Add dns_records attribute to TLS Configuration Data Source

* TLS Platform Certificate Resource

* Update go-fastly reference based on merged PR

* TLS Platform Certificate Data Source

* TLS Platform Certificate IDs Data Source

* Platform TLS Data Sources documentation

* Remove redundant `id` filter function

* Bring in changes from upstream and modify new code to match

Main changes were moving docs generation to tfplugindocs, and updating
the go-fastly SDK to v3. I added some changes to the upstream docs
generation to avoid having to globally install tfplugindocs. This was
also done upstream so I had to do some large merge conflict resolution
in this commit to combine the similar but different updates.

One commit message related to vendoring tfplugindocs was:

> Don't cache dependencies in github PR workflow, instead rely on /vendor
>
> Including the tfplugindocs module in vendor means it's updating with `go
> mod vendor` along with the other libraries used. When running `go
> install`, this vendored copy is used, and installed to a project-local
> /bin directory. This enables the version of tfplugindocs used to be
> independent of other go projects installed on one's system.
>
> This change means `make dependencies` is no longer used, and isn't
> needed in the github PR workflow. Furthermore, the source code for the
> tool is included in the /vendor already so the caching of ~/go/* isn't
> required either.

* Stylistic tweaks to make resources more aligned

A couple naming/structure things resulting from different people writing the code. Have just tidied them up before PRing.

* Add TLSCLientCert and TLSClientKey options for splunk logging (#353)

* Add TLSCLientCert and TLSClientKey options for splunk logging

* Add some comments to clarify the usage splunk test tls cert values

* Update fastly/block_fastly_service_v1_splunk_test.go

* Update fastly/block_fastly_service_v1_splunk_test.go

* Update fastly/block_fastly_service_v1_splunk_test.go

* Update fastly/block_fastly_service_v1_splunk_test.go

* Update fastly/block_fastly_service_v1_splunk_test.go

* Update fastly/block_fastly_service_v1_splunk_test.go

* Update fastly/block_fastly_service_v1_splunk_test.go

Co-authored-by: Mark McDonnell <Integralist@users.noreply.github.com>

* Update go-fastly reference

* Support multiple certificates in platform certificate intermediates_blob

The intermediates_blob field of the fastly_tls_platform_certificate
resource can contain PEM blocks representing an arbitrary length chain
of certificates. The validation function for this field has been updated
to reflect this. It now loops through the provided string and checks
that each block it finds matches the expected block type until it
reaches the end of the string. Similarly the validation function for one
single block has been updated to fail if the string contains more than
one PEM block.

* Use allow_untrusted_root in platform certificate update function

Was only used in creation function but should have also been used
in update too.

* Update go-fastly reference to v3.3.0

Also removed the `replace` directive in the go.mod to remove dependency
on opencredo fork.

* First updates from PR feedback

- removal of unneeded .gitignore entry
- removal of superfluous whitespace in docs example block
- conversion of TypeList to TypeSet in plural data sources' `ids` field
- a couple typo fixes here and there
- removal of Set function for controlling set hashing, unneeded
- consolidation of function naming to include "Fastly" before resource
  name
- fix some acctest.RandomWithPrefix with duplicate prefix
- clarify some comments
- add some checks in testAcc.*Exists functions when accessing the map of
  resources in state to avoid a panic if resource not found

* Make tfplugindocs location configurable with flag instead of PATH

Add a -tfplugindocsPath command line argument to the parsing script to
make it a bit more robust than dynamically setting the PATH variable in
the Makefile. Defaults to local bin, as the Makefile expects, but I
still set the argument in the Makefile in case someone modifies the BIN
variable.

Co-authored-by: Will May <will.j.may@gmail.com>
Co-authored-by: Trent Rosenbaum <trent.rosenbaum@opencredo.com>
Co-authored-by: Kelly McLaughlin <kmclaughlin@fastly.com>
Co-authored-by: Mark McDonnell <Integralist@users.noreply.github.com>

.github/workflows/pr.yml

@@ -52,25 +52,6 @@ jobs:
       uses: actions/setup-go@v2
       with:
         go-version: 1.14.x
-    - name: Restore cached binaries
-      id: cache
-      uses: actions/cache@v2
-      with:
-        path: ~/go/bin
-        key: ${{ runner.os }}-go-bin-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go-bin-
-    - name: Restore cached modules dependencies
-      uses: actions/cache@v2
-      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go-mod-
-    - name: Install dependencies
-      if: steps.cache.outputs.cache-hit != 'true'
-      run: make dependencies
-      shell: bash
     - name: Generate Docs
       run: |
         make generate-docs

GNUmakefile

@@ -52,18 +52,19 @@ test-compile:
 	fi
 	go test -c $(TEST) $(TESTARGS)
 
-dependencies:
-	@echo "Download go.mod dependencies"
-	@go mod download
-
-install-tools: dependencies
+BIN=$(CURDIR)/bin
+$(BIN)/%:
 	@echo "Installing tools from tools/tools.go"
-	@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | xargs -tI {} go install {}
+	@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | GOBIN=$(BIN) xargs -tI {} go install {}
+
+generate-docs: $(BIN)/tfplugindocs
+	go run scripts/generate-docs.go -tfplugindocsPath=$(BIN)/tfplugindocs
 
-generate-docs: install-tools
-	go run scripts/generate-docs.go
+validate-docs: $(BIN)/tfplugindocs
+	$(BIN)/tfplugindocs validate
 
-validate-docs: install-tools
-	tfplugindocs validate
+sweep:
+	@echo "WARNING: This will destroy infrastructure. Use only in development accounts."
+	go test ./fastly -v -sweep=ALL $(SWEEPARGS) -timeout 30m
 
-.PHONY: build test testacc vet fmt fmtcheck errcheck test-compile validate-docs generate-docs install-tools dependencies
+.PHONY: build test testacc vet fmt fmtcheck errcheck test-compile sweep validate-docs generate-docs

docs/data-sources/tls_activation.md

@@ -0,0 +1,38 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_activation"
+sidebar_current: "docs-fastly-datasource-tls_activation"
+description: |-
+Get information on Fastly TLS Activation.
+---
+
+# fastly_tls_activation
+
+Use this data source to get information on a TLS activation, including the certificate used, and the domain on which TLS was enabled.
+
+~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
+of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
+with any of the others.
+
+~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_activation" "example" {
+  domain = "example.com"
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **certificate_id** (String) ID of the TLS Certificate used.
+- **configuration_id** (String) ID of the TLS Configuration used.
+- **domain** (String) Domain that TLS was enabled on.
+- **id** (String) Fastly Activation ID. Conflicts with all other filters.
+
+### Read-Only
+
+- **created_at** (String) Timestamp (GMT) when TLS was enabled.

docs/data-sources/tls_activation_ids.md

@@ -0,0 +1,39 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_activation_ids"
+sidebar_current: "docs-fastly-datasource-tls_activation_ids"
+description: |-
+Get the list of TLS Activation identifiers in Fastly.
+---
+
+# fastly_tls_activation_ids
+
+Use this data source to get the list of TLS Activation identifiers in Fastly.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_activation_ids" "example" {
+  certificate_id = fastly_tls_certificate.example.id
+}
+
+data "fastly_tls_activation" "example" {
+  for_each = data.fastly_tls_activation_ids.example.ids
+  id       = each.value
+}
+
+output "activation_domains" {
+  value = [for a in data.fastly_tls_activation.example : a.domain]
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **certificate_id** (String) ID of TLS certificate used to filter activations
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **ids** (Set of String) List of IDs of the TLS Activations.

docs/data-sources/tls_certificate.md

@@ -0,0 +1,43 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_certificate"
+sidebar_current: "docs-fastly-datasource-tls_certificate"
+description: |-
+Get information on Fastly TLS certificate.
+---
+
+# fastly_tls_certificate
+
+Use this data source to get information of a TLS certificate for use with other resources.
+
+~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
+of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
+with any of the others.
+
+~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_certificate" "example" {
+  name = "example.com"
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **domains** (Set of String) Domains that are listed in any certificates' Subject Alternative Names (SAN) list.
+- **id** (String) Unique ID assigned to certificate by Fastly
+- **issued_to** (String) The hostname for which a certificate was issued.
+- **issuer** (String) The certificate authority that issued the certificate.
+- **name** (String) Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.
+
+### Read-Only
+
+- **created_at** (String) Timestamp (GMT) when the certificate was created
+- **replace** (Boolean) A recommendation from Fastly indicating the key associated with this certificate is in need of rotation
+- **serial_number** (String) A value assigned by the issuer that is unique to a certificate
+- **signature_algorithm** (String) The algorithm used to sign the certificate
+- **updated_at** (String) Timestamp (GMT) when the certificate was last updated

docs/data-sources/tls_certificate_ids.md

@@ -0,0 +1,32 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_certificate_ids"
+sidebar_current: "docs-fastly-datasource-tls_certificate_ids"
+description: |-
+Get IDs of available TLS certificates.
+---
+
+# fastly_tls_certificate_ids
+
+Use this data source to get the IDs of available TLS certificates for use with other resources.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_certificate_ids" "example" {}
+
+resource "fastly_tls_activation" "example" {
+  certificate_id = data.fastly_tls_certificate_ids.example.ids[0]
+  // ...
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **ids** (Set of String) List of IDs corresponding to Custom TLS certificates.

docs/data-sources/tls_configuration.md

@@ -0,0 +1,56 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_configuration"
+sidebar_current: "docs-fastly-datasource-tls_configuration"
+description: |-
+Get information on Fastly TLS configuration.
+---
+
+# fastly_tls_configuration
+
+Use this data source to get the ID of a TLS configuration for use with other resources.
+
+~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
+of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
+with any of the others.
+
+~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_configuration" "example" {
+  default = true
+}
+
+resource "fastly_tls_activation" "example" {
+  configuration_id = data.fastly_tls_configuration.example.id
+  // ...
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **default** (Boolean) Signifies whether Fastly will use this configuration as a default when creating a new TLS activation.
+- **http_protocols** (Set of String) HTTP protocols available on the TLS configuration.
+- **id** (String) ID of the TLS configuration obtained from the Fastly API or another data source. Conflicts with all the other filters.
+- **name** (String) Custom name of the TLS configuration.
+- **tls_protocols** (Set of String) TLS protocols available on the TLS configuration.
+- **tls_service** (String) Whether the configuration should support the `PLATFORM` or `CUSTOM` TLS service.
+
+### Read-Only
+
+- **created_at** (String) Timestamp (GMT) when the configuration was created.
+- **dns_records** (Set of Object) The available DNS addresses that can be used to enable TLS for a domain. DNS must be configured for a domain for TLS handshakes to succeed. If enabling TLS on an apex domain (e.g. `example.com`) you must create four A records (or four AAAA records for IPv6 support) using the displayed global A record's IP addresses with your DNS provider. For subdomains and wildcard domains (e.g. `www.example.com` or `*.example.com`) you will need to create a relevant CNAME record. (see [below for nested schema](#nestedatt--dns_records))
+- **updated_at** (String) Timestamp (GMT) when the configuration was last updated.
+
+<a id="nestedatt--dns_records"></a>
+### Nested Schema for `dns_records`
+
+Read-Only:
+
+- **record_type** (String)
+- **record_value** (String)
+- **region** (String)

docs/data-sources/tls_configuration_ids.md

@@ -0,0 +1,32 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_configuration_ids"
+sidebar_current: "docs-fastly-datasource-tls_configuration_ids"
+description: |-
+Get IDs of available TLS Configurations.
+---
+
+# fastly_tls_configuration_ids
+
+Use this data source to get the IDs of available TLS configurations for use with other resources.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_configuration_ids" "example" {}
+
+resource "fastly_tls_activation" "example" {
+  configuration_id = data.fastly_tls_configuration.example.ids[0]
+  // ...
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **ids** (Set of String) List of IDs corresponding to available TLS configurations.

docs/data-sources/tls_platform_certificate.md

@@ -0,0 +1,41 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_platform_certificate"
+sidebar_current: "docs-fastly-datasource-tls_platform_certificate"
+description: |-
+Get information on Fastly Platform TLS certificate.
+---
+
+# fastly_tls_platform_certificate
+
+Use this data source to get information of a Platform TLS certificate for use with other resources.
+
+~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
+of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
+with any of the others.
+
+~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_platform_certificate" "example" {
+  domains = ["example.com"]
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **domains** (Set of String) Domains that are listed in any certificate's Subject Alternative Names (SAN) list.
+- **id** (String) Unique ID assigned to certificate by Fastly. Conflicts with all the other filters.
+
+### Read-Only
+
+- **configuration_id** (String) ID of TLS configuration used to terminate TLS traffic.
+- **created_at** (String) Timestamp (GMT) when the certificate was created.
+- **not_after** (String) Timestamp (GMT) when the certificate will expire.
+- **not_before** (String) Timestamp (GMT) when the certificate will become valid.
+- **replace** (Boolean) A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
+- **updated_at** (String) Timestamp (GMT) when the certificate was last updated.

docs/data-sources/tls_platform_certificate_ids.md

@@ -0,0 +1,31 @@
+---
+layout: "fastly"
+page_title: "Fastly: fastly_tls_platform_certificate_ids"
+sidebar_current: "docs-fastly-datasource-tls_platform_certificate_ids"
+description: |-
+Get IDs of available Platform TLS certificates.
+---
+
+# fastly_tls_platform_certificate_ids
+
+Use this data source to get the IDs of available Platform TLS Certificates for use with other resources.
+
+## Example Usage
+
+```hcl
+data "fastly_tls_platform_certificate_ids" "example" {}
+
+data "fastly_tls_platform_certificate" "example" {
+  id = data.fastly_tls_platform_certificate_ids.example.ids[0]
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **ids** (Set of String) List of IDs corresponding to Platform TLS certificates.