Resources for Custom TLS and Platform TLS products (#364)
* TLS Custom Private Key Resource
* TLS Configuration Data Source
* TLS Custom Certificate Resource
* TLS Custom Private Key Data Source
* TLS Custom Certificate Data Source

Also add sweepers for TLS certificates and private keys to easily clean up resources leaked during any failed tests.

* TLS Activation Resource
* TLS Activation Data Source
* TLS Private Key IDs Data Source
* TLS Custom Certificate IDs Data Source
* TLS Configuration IDs Data Source
* TLS Activation IDs Data Source
* Change test names to use underscore

Terraform testing style guide seems to suggest camel case is used for the main test name then an underscore separates different variations of it.

* Add dns_records attribute to TLS Configuration Data Source
* TLS Platform Certificate Resource
* Update go-fastly reference based on merged PR
* TLS Platform Certificate Data Source
* TLS Platform Certificate IDs Data Source
* Platform TLS Data Sources documentation
* Remove redundant `id` filter function
* Bring in changes from upstream and modify new code to match

Main changes were moving docs generation to tfplugindocs, and updating the go-fastly SDK to v3.

I added some changes to the upstream docs generation to avoid having to globally install tfplugindocs. This was also done upstream so I had to do some large merge conflict resolution in this commit to combine the similar but different updates.

One commit message related to vendoring tfplugindocs was:

> Don't cache dependencies in github PR workflow, instead rely on /vendor
>
> Including the tfplugindocs module in vendor means it's updating with `go mod vendor` along with the other libraries used. When running `go install`, this vendored copy is used, and installed to a project-local /bin directory. This enables the version of tfplugindocs used to be independent of other go projects installed on one's system.
>
> This change means `make dependencies` is no longer used, and isn't needed in the github PR workflow. Furthermore, the source code for the tool is included in the /vendor already so the caching of ~/go/* isn't required either.

* Stylistic tweaks to make resources more aligned

A couple naming/structure things resulting from different people writing the code. Have just tidied them up before PRing.

* Add TLSCLientCert and TLSClientKey options for splunk logging (#353)
* Add TLSCLientCert and TLSClientKey options for splunk logging
* Add some comments to clarify the usage splunk test tls cert values
* Update fastly/block_fastly_service_v1_splunk_test.go
* Update fastly/block_fastly_service_v1_splunk_test.go
* Update fastly/block_fastly_service_v1_splunk_test.go
* Update fastly/block_fastly_service_v1_splunk_test.go
* Update fastly/block_fastly_service_v1_splunk_test.go
* Update fastly/block_fastly_service_v1_splunk_test.go
* Update fastly/block_fastly_service_v1_splunk_test.go

Co-authored-by: Mark McDonnell <Integralist@users.noreply.github.com>

* Update go-fastly reference
* Support multiple certificates in platform certificate intermediates_blob

The intermediates_blob field of the fastly_tls_platform_certificate resource can contain PEM blocks representing an arbitrary length chain of certificates. The validation function for this field has been updated to reflect this. It now loops through the provided string and checks that each block it finds matches the expected block type until it reaches the end of the string.

Similarly the validation function for one single block has been updated to fail if the string contains more than one PEM block.

* Use allow_untrusted_root in platform certificate update function

Was only used in creation function but should have also been used in update too.

* Update go-fastly reference to v3.3.0

Also removed the `replace` directive in the go.mod to remove dependency on opencredo fork.

* First updates from PR feedback

- removal of unneeded .gitignore entry
- removal of superfluous whitespace in docs example block
- conversion of TypeList to TypeSet in plural data sources' `ids` field
- a couple typo fixes here and there
- removal of Set function for controlling set hashing, unneeded
- consolidation of function naming to include "Fastly" before resource name
- fix some acctest.RandomWithPrefix with duplicate prefix
- clarify some comments
- add some checks in testAcc.*Exists functions when accessing the map of resources in state to avoid a panic if resource not found

* Make tfplugindocs location configurable with flag instead of PATH

Add a -tfplugindocsPath command line argument to the parsing script to make it a bit more robust than dynamically setting the PATH variable in the Makefile. Defaults to local bin, as the Makefile expects, but I still set the argument in the Makefile in case someone modifies the BIN variable.

Co-authored-by: Will May <will.j.may@gmail.com>
Co-authored-by: Trent Rosenbaum <trent.rosenbaum@opencredo.com>
Co-authored-by: Kelly McLaughlin <kmclaughlin@fastly.com>
Co-authored-by: Mark McDonnell <Integralist@users.noreply.github.com>
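The PEM validation described in the commit message for `intermediates_blob` (loop over every block, check its type, and reject more than one block where a single one is expected) can be sketched as follows. This is an added example, not the provider's code: the function names `ValidatePEMChain`, `ValidateSinglePEM` and `samplePEM` are hypothetical, the sample blocks are constructed placeholders, and the rejection of stray data between blocks is an extra strictness beyond what the message states.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"errors"
	"fmt"
)

var pemBegin = []byte("-----BEGIN ")

// samplePEM builds a constructed PEM block of the given type. The body is
// eight placeholder bytes, not a real certificate or key.
func samplePEM(blockType string) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: []byte{1, 2, 3, 4, 5, 6, 7, 8}}))
}

// ValidatePEMChain walks every PEM block in input, requires each one to have
// type wantType, and returns the number of blocks found.
func ValidatePEMChain(input, wantType string) (int, error) {
	rest := bytes.TrimSpace([]byte(input))
	count := 0
	for len(rest) > 0 {
		// pem.Decode silently skips anything before the next BEGIN line,
		// so stray data has to be rejected explicitly.
		if !bytes.HasPrefix(rest, pemBegin) {
			return count, errors.New("unexpected data outside a PEM block")
		}
		block, remaining := pem.Decode(rest)
		if block == nil {
			return count, errors.New("malformed PEM block")
		}
		// If the decoder skipped a broken block to reach a later valid one,
		// the consumed bytes contain more than one BEGIN marker.
		consumed := rest[:len(rest)-len(remaining)]
		if bytes.Count(consumed, pemBegin) != 1 {
			return count, errors.New("malformed PEM block skipped by decoder")
		}
		if block.Type != wantType {
			return count, fmt.Errorf("block %d has type %q, want %q", count+1, block.Type, wantType)
		}
		count++
		rest = bytes.TrimSpace(remaining)
	}
	if count == 0 {
		return 0, errors.New("no PEM block found")
	}
	return count, nil
}

// ValidateSinglePEM fails unless input holds exactly one block of wantType.
func ValidateSinglePEM(input, wantType string) error {
	n, err := ValidatePEMChain(input, wantType)
	if err != nil {
		return err
	}
	if n != 1 {
		return fmt.Errorf("expected exactly one PEM block, found %d", n)
	}
	return nil
}

func main() {
	chain := samplePEM("CERTIFICATE") + samplePEM("CERTIFICATE")
	n, err := ValidatePEMChain(chain, "CERTIFICATE")
	fmt.Println(n, err)
	fmt.Println(ValidateSinglePEM(chain, "CERTIFICATE"))
}
```

The type check is what keeps a private key pasted into a certificate field from being accepted and sent to the API as chain material.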
1 parent 8f24204, commit 748a103

Showing 94 changed files with 8,816 additions and 441 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_activation" | ||
sidebar_current: "docs-fastly-datasource-tls_activation" | ||
description: |- | ||
Get information on Fastly TLS Activation. | ||
--- | ||
|
||
# fastly_tls_activation | ||
|
||
Use this data source to get information on a TLS activation, including the certificate used, and the domain on which TLS was enabled. | ||
|
||
~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination | ||
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination | ||
with any of the others. | ||
|
||
~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_activation" "example" { | ||
domain = "example.com" | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **certificate_id** (String) ID of the TLS Certificate used. | ||
- **configuration_id** (String) ID of the TLS Configuration used. | ||
- **domain** (String) Domain that TLS was enabled on. | ||
- **id** (String) Fastly Activation ID. Conflicts with all other filters. | ||
|
||
### Read-Only | ||
|
||
- **created_at** (String) Timestamp (GMT) when TLS was enabled. |
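Review bot: The Note in the fastly_tls_activation page ends with "specific enough to return a single key", but this data source returns a TLS activation, not a key; the wording looks carried over from the private key page. Suggest "specific enough to return a single activation" so that a failed lookup points the reader at the right object.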
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_activation_ids" | ||
sidebar_current: "docs-fastly-datasource-tls_activation_ids" | ||
description: |- | ||
Get the list of TLS Activation identifiers in Fastly. | ||
--- | ||
|
||
# fastly_tls_activation_ids | ||
|
||
Use this data source to get the list of TLS Activation identifiers in Fastly. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_activation_ids" "example" { | ||
certificate_id = fastly_tls_certificate.example.id | ||
} | ||
data "fastly_tls_activation" "example" { | ||
for_each = data.fastly_tls_activation_ids.example.ids | ||
id = each.value | ||
} | ||
output "activation_domains" { | ||
value = [for a in data.fastly_tls_activation.example : a.domain] | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **certificate_id** (String) ID of TLS certificate used to filter activations | ||
- **id** (String) The ID of this resource. | ||
|
||
### Read-Only | ||
|
||
- **ids** (Set of String) List of IDs of the TLS Activations. |
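Review bot: In the Schema section `ids` is typed as Set of String but described as "List of IDs of the TLS Activations", while the example depends on it being a set by passing it straight to `for_each`. Suggest describing it as a set of IDs so readers do not assume ordering or index access. Minor: the `certificate_id` description is missing its trailing period, and the example references `fastly_tls_certificate.example.id` without declaring that resource.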
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_certificate" | ||
sidebar_current: "docs-fastly-datasource-tls_certificate" | ||
description: |- | ||
Get information on Fastly TLS certificate. | ||
--- | ||
|
||
# fastly_tls_certificate | ||
|
||
Use this data source to get information of a TLS certificate for use with other resources. | ||
|
||
~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination | ||
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination | ||
with any of the others. | ||
|
||
~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_certificate" "example" { | ||
name = "example.com" | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **domains** (Set of String) Domains that are listed in any certificates' Subject Alternative Names (SAN) list. | ||
- **id** (String) Unique ID assigned to certificate by Fastly | ||
- **issued_to** (String) The hostname for which a certificate was issued. | ||
- **issuer** (String) The certificate authority that issued the certificate. | ||
- **name** (String) Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry. | ||
|
||
### Read-Only | ||
|
||
- **created_at** (String) Timestamp (GMT) when the certificate was created | ||
- **replace** (Boolean) A recommendation from Fastly indicating the key associated with this certificate is in need of rotation | ||
- **serial_number** (String) A value assigned by the issuer that is unique to a certificate | ||
- **signature_algorithm** (String) The algorithm used to sign the certificate | ||
- **updated_at** (String) Timestamp (GMT) when the certificate was last updated |
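Review bot: The `id` entry under Optional reads only "Unique ID assigned to certificate by Fastly", although the Warning above says `id` must not be combined with any other filter; the activation, configuration and platform certificate pages all add "Conflicts with all the other filters" to the same attribute. Suggest adding that sentence here as well. The Note also says "return a single key" where this data source returns a certificate, and several descriptions in this file lack the trailing period used elsewhere.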
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_certificate_ids" | ||
sidebar_current: "docs-fastly-datasource-tls_certificate_ids" | ||
description: |- | ||
Get IDs of available TLS certificates. | ||
--- | ||
|
||
# fastly_tls_certificate_ids | ||
|
||
Use this data source to get the IDs of available TLS certificates for use with other resources. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_certificate_ids" "example" {} | ||
resource "fastly_tls_activation" "example" { | ||
certificate_id = data.fastly_tls_certificate_ids.example.ids[0] | ||
// ... | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **id** (String) The ID of this resource. | ||
|
||
### Read-Only | ||
|
||
- **ids** (Set of String) List of IDs corresponding to Custom TLS certificates. |
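Review bot: The example indexes `data.fastly_tls_certificate_ids.example.ids[0]`, but the schema below declares `ids` as Set of String, and Terraform sets have no index, so the example will not plan as written. Converting with `tolist(...)` would make it parse, but set order is undefined, so the activation would bind whichever certificate happens to come first. Suggest showing selection through the singular `fastly_tls_certificate` data source with a filter, or iterating with `for_each`, so the certificate attached to a domain is chosen deliberately.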
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_configuration" | ||
sidebar_current: "docs-fastly-datasource-tls_configuration" | ||
description: |- | ||
Get information on Fastly TLS configuration. | ||
--- | ||
|
||
# fastly_tls_configuration | ||
|
||
Use this data source to get the ID of a TLS configuration for use with other resources. | ||
|
||
~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination | ||
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination | ||
with any of the others. | ||
|
||
~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_configuration" "example" { | ||
default = true | ||
} | ||
resource "fastly_tls_activation" "example" { | ||
configuration_id = data.fastly_tls_configuration.example.id | ||
// ... | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **default** (Boolean) Signifies whether Fastly will use this configuration as a default when creating a new TLS activation. | ||
- **http_protocols** (Set of String) HTTP protocols available on the TLS configuration. | ||
- **id** (String) ID of the TLS configuration obtained from the Fastly API or another data source. Conflicts with all the other filters. | ||
- **name** (String) Custom name of the TLS configuration. | ||
- **tls_protocols** (Set of String) TLS protocols available on the TLS configuration. | ||
- **tls_service** (String) Whether the configuration should support the `PLATFORM` or `CUSTOM` TLS service. | ||
|
||
### Read-Only | ||
|
||
- **created_at** (String) Timestamp (GMT) when the configuration was created. | ||
- **dns_records** (Set of Object) The available DNS addresses that can be used to enable TLS for a domain. DNS must be configured for a domain for TLS handshakes to succeed. If enabling TLS on an apex domain (e.g. `example.com`) you must create four A records (or four AAAA records for IPv6 support) using the displayed global A record's IP addresses with your DNS provider. For subdomains and wildcard domains (e.g. `www.example.com` or `*.example.com`) you will need to create a relevant CNAME record. (see [below for nested schema](#nestedatt--dns_records)) | ||
- **updated_at** (String) Timestamp (GMT) when the configuration was last updated. | ||
|
||
<a id="nestedatt--dns_records"></a> | ||
### Nested Schema for `dns_records` | ||
|
||
Read-Only: | ||
|
||
- **record_type** (String) | ||
- **record_value** (String) | ||
- **region** (String) |
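Review bot: The nested schema for `dns_records` lists `record_type`, `record_value` and `region` with no descriptions, so the long `dns_records` text about A, AAAA and CNAME records cannot be mapped onto the fields a user actually reads. Suggest adding a description to each nested attribute in the provider schema so tfplugindocs emits them, for example which values `record_type` can take and what `region` denotes. The Note above also says "return a single key" where a configuration is meant.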
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_configuration_ids" | ||
sidebar_current: "docs-fastly-datasource-tls_configuration_ids" | ||
description: |- | ||
Get IDs of available TLS Configurations. | ||
--- | ||
|
||
# fastly_tls_configuration_ids | ||
|
||
Use this data source to get the IDs of available TLS configurations for use with other resources. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_configuration_ids" "example" {} | ||
resource "fastly_tls_activation" "example" { | ||
configuration_id = data.fastly_tls_configuration.example.ids[0] | ||
// ... | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **id** (String) The ID of this resource. | ||
|
||
### Read-Only | ||
|
||
- **ids** (Set of String) List of IDs corresponding to available TLS configurations. |
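Review bot: The example declares `data "fastly_tls_configuration_ids" "example"` but then reads `data.fastly_tls_configuration.example.ids[0]`, which refers to the singular data source and is not declared in the snippet. The reference should be `data.fastly_tls_configuration_ids.example`. Separately, `ids` is a Set of String per the schema, so the `[0]` index will not work and picking an arbitrary element would select an arbitrary TLS configuration; suggest filtering with the singular data source (for instance `default = true`) instead.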
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_platform_certificate" | ||
sidebar_current: "docs-fastly-datasource-tls_platform_certificate" | ||
description: |- | ||
Get information on Fastly Platform TLS certificate. | ||
--- | ||
|
||
# fastly_tls_platform_certificate | ||
|
||
Use this data source to get information of a Platform TLS certificate for use with other resources. | ||
|
||
~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination | ||
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination | ||
with any of the others. | ||
|
||
~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_platform_certificate" "example" { | ||
domains = ["example.com"] | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **domains** (Set of String) Domains that are listed in any certificate's Subject Alternative Names (SAN) list. | ||
- **id** (String) Unique ID assigned to certificate by Fastly. Conflicts with all the other filters. | ||
|
||
### Read-Only | ||
|
||
- **configuration_id** (String) ID of TLS configuration used to terminate TLS traffic. | ||
- **created_at** (String) Timestamp (GMT) when the certificate was created. | ||
- **not_after** (String) Timestamp (GMT) when the certificate will expire. | ||
- **not_before** (String) Timestamp (GMT) when the certificate will become valid. | ||
- **replace** (Boolean) A recommendation from Fastly indicating the key associated with this certificate is in need of rotation. | ||
- **updated_at** (String) Timestamp (GMT) when the certificate was last updated. |
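Review bot: The `domains` filter is described as "Domains that are listed in any certificate's Subject Alternative Names (SAN) list", which does not say whether a certificate matches when it contains all of the given domains, any of them, or exactly that set. Since the Note says Terraform fails unless exactly one certificate matches, the match rule should be stated. With `id` conflicting with everything else, `domains` is also the only usable filter, so the AND warning has nothing to combine here and could be dropped or reworded. The Note's "single key" should read "single certificate".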
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
layout: "fastly" | ||
page_title: "Fastly: fastly_tls_platform_certificate_ids" | ||
sidebar_current: "docs-fastly-datasource-tls_platform_certificate_ids" | ||
description: |- | ||
Get IDs of available Platform TLS certificates. | ||
--- | ||
|
||
# fastly_tls_platform_certificate_ids | ||
|
||
Use this data source to get the IDs of available Platform TLS Certificates for use with other resources. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "fastly_tls_platform_certificate_ids" "example" {} | ||
data "fastly_tls_platform_certificate" "example" { | ||
id = data.fastly_tls_platform_certificate_ids.example.ids[0] | ||
} | ||
``` | ||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- **id** (String) The ID of this resource. | ||
|
||
### Read-Only | ||
|
||
- **ids** (Set of String) List of IDs corresponding to Platform TLS certificates. |
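Review bot: The example passes `data.fastly_tls_platform_certificate_ids.example.ids[0]` as `id`, but `ids` is declared as Set of String in the schema below and a Terraform set cannot be indexed. Suggest rewriting the example with `for_each = data.fastly_tls_platform_certificate_ids.example.ids` and `id = each.value`, as the fastly_tls_activation_ids page does, which also avoids depending on an undefined element order.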