Resources for Custom TLS and Platform TLS products #364

Merged
merged 29 commits into from
Feb 17, 2021
Changes from 27 commits
94a4df6
TLS Custom Private Key Resource
bengesoff Jan 20, 2021
1f75279
TLS Configuration Data Source
wjam Jan 19, 2021
bfc483f
TLS Custom Certificate Resource
wjam Jan 21, 2021
4f3f9a6
TLS Custom Private Key Data Source
bengesoff Jan 21, 2021
8a4ba5f
TLS Custom Certificate Data Source
wjam Jan 21, 2021
f47fa90
TLS Activation Resource
bengesoff Jan 21, 2021
1b74e16
TLS Activation Data Source
bengesoff Jan 22, 2021
444c610
TLS Private Key IDs Data Source
wjam Jan 22, 2021
d2dcebb
TLS Custom Certificate IDs Data Source
bengesoff Jan 25, 2021
73deb71
TLS Configuration IDs Data Source
bengesoff Jan 25, 2021
7594f3a
TLS Activation IDs Data Source
trentrosenbaum Jan 25, 2021
f9dc6d2
Change test names to use underscore
bengesoff Jan 25, 2021
67499dd
Add dns_records attribute to TLS Configuration Data Source
bengesoff Feb 2, 2021
b88fca1
TLS Platform Certificate Resource
wjam Jan 27, 2021
31acfc6
Update go-fastly reference based on merged PR
bengesoff Feb 1, 2021
1eb8f3a
TLS Platform Certificate Data Source
bengesoff Feb 2, 2021
e94768b
TLS Platform Certificate IDs Data Source
bengesoff Feb 2, 2021
a917559
Platform TLS Data Sources documentation
bengesoff Feb 2, 2021
23f082d
Remove redundant `id` filter function
bengesoff Feb 2, 2021
a56c1a3
Bring in changes from upstream and modify new code to match
bengesoff Feb 4, 2021
0d68aec
Stylistic tweaks to make resources more aligned
bengesoff Feb 8, 2021
1e2e02e
Add TLSCLientCert and TLSClientKey options for splunk logging (#353)
kellymclaughlin Feb 5, 2021
a6a117a
Update go-fastly reference
bengesoff Feb 8, 2021
12afcea
Merge remote-tracking branch 'upstream/master' into tls-platform-and-…
bengesoff Feb 8, 2021
ecfcbbe
Support multiple certificates in platform certificate intermediates_blob
bengesoff Feb 9, 2021
b14967f
Use allow_untrusted_root in platform certificate update function
bengesoff Feb 9, 2021
9ff3b8f
Update go-fastly reference to v3.3.0
bengesoff Feb 15, 2021
faca4d9
First updates from PR feedback
bengesoff Feb 16, 2021
255b34b
Make tfplugindocs location configurable with flag instead of PATH
bengesoff Feb 17, 2021
19 changes: 0 additions & 19 deletions .github/workflows/pr.yml
Expand Up @@ -52,25 +52,6 @@ jobs:
uses: actions/setup-go@v2
with:
go-version: 1.14.x
- name: Restore cached binaries
id: cache
uses: actions/cache@v2
with:
path: ~/go/bin
key: ${{ runner.os }}-go-bin-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-bin-
- name: Restore cached modules dependencies
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-mod-
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: make dependencies
shell: bash
Comment on lines -55 to -73
Collaborator

Any explanation you can give me for why these segments of the workflow have been deleted?

Contributor Author

Yes this change tied in with some of the other changes relating to the way tfplugindocs was being installed. I think previously the makefile was installing the package to GOROOT (i.e. ~/go/pkg and ~/go/bin), which would explain the steps in the workflow caching these directories.

However when adapting the upstream docs generation changes I found that the output of the tfplugindocs tool was quite volatile, given its alpha status, and thought it made sense to use the vendor style dependency management to pin in the exact version of the source code used to generate the docs and reduce disparity between all of the contributors' versions of it. In a similar vein I changed it to install the binary to a project-local ./bin directory to isolate it in case other terraform plugin projects were using different versions of it on anyone's machine. (I think you also made some very similar changes in parallel, e.g. adding a tools.go to allow go mod to find it, so I ended up merging my tweaks into that as well).

Anyway long story short, with the source code being installed to ./vendor and the compiled tfplugindocs binary being installed to ./bin, I didn't see a need to manually cache the external global GOROOT directories as the GitHub workflow does. (Also it had stopped working for me when I removed the make dependencies target, so I had to fix it somehow! 😉)

Does this make sense do you think? Happy to jump on a call and discuss it further if you think that would be helpful

Collaborator

No that's fine. Thanks for the background information 👍🏻

- name: Generate Docs
run: |
make generate-docs
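Review bot: With the `Install dependencies` step deleted along with both `actions/cache` steps, nothing in the lines shown fetches or checks Go modules before `make generate-docs` runs. If the job now depends on the committed `./vendor` tree, as the discussion says, consider adding a step that runs `go mod vendor` followed by `git diff --exit-code`, so a drifted or hand-edited vendor directory fails CI instead of silently feeding the docs build.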
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -7,6 +7,7 @@ terraform.tfstate
bin/
modules-dev/
/pkg/
playground/
bengesoff marked this conversation as resolved.
website/.vagrant
website/.bundle
website/build
24 changes: 13 additions & 11 deletions GNUmakefile
Expand Up @@ -52,18 +52,20 @@ test-compile:
fi
go test -c $(TEST) $(TESTARGS)

dependencies:
@echo "Download go.mod dependencies"
@go mod download

install-tools: dependencies
BIN=$(CURDIR)/bin
$(BIN)/%:
Collaborator

Does this need to be a dynamic target? Could the target still be named install-tools and generate-docs to reference it? My thinking is that in the updated generate-docs we're still adding $BIN to $PATH so the go install'ed tools will still be located there.

I feel like the dynamic target name (and specifically setting $(BIN)/tfplugindocs) is too much generalization without any real value? Although I could be misunderstanding the purpose for this refactor entirely.

Contributor Author

This was related to the same change as explained in the comment on .github/workflows/pr.yml. As part of moving the installation of tfplugindocs to be inside the terraform-provider-fastly directory, I used the non-PHONY target to avoid needing to re-run it every time, if the binary already exists. By extension, the dynamic target seemed useful in case other dependencies were added, given that the grep/awk command was already capable of installing the whole tools.go file.

That's the rationale anyway - I'm happy to change it to use a PHONY install-tools target if you'd prefer, and if I'm not mistaken that would rebuild the tool on each invocation, which could be helpful if it were upgraded? That's assuming that you agree installing to a project-local terraform-provider-fastly/bin directory is a good idea anyway, which you might not - also ok!

Collaborator

OK that makes sense. I think avoiding reinstalling the tool every time is better anyway and we can suffer not being on the bleeding edge all the time.

@echo "Installing tools from tools/tools.go"
@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | xargs -tI {} go install {}
@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | GOBIN=$(BIN) xargs -tI {} go install {}

# Inject ./bin into PATH to allow scripts/generate-docs.go to access local tfplugindocs binary
generate-docs: $(BIN)/tfplugindocs
PATH=$(PATH):$(BIN) go run scripts/generate-docs.go

generate-docs: install-tools
go run scripts/generate-docs.go
validate-docs: $(BIN)/tfplugindocs
$(BIN)/tfplugindocs validate
Collaborator

Would this not also need PATH=$(PATH):$(BIN) ? As you might not necessarily run generate-docs first.

Contributor Author

I don't believe so, as it's calling the binary from its relative filepath instead of letting the shell look it up on the system PATH, but I might be wrong. In the case of generate-docs the script calls it without specifying the location so the PATH is needed there.

Now you mention it, it could be cleaner to specify ./bin/tfplugindocs inside the script to avoid modifying the PATH for that command, if we decide that a non-global install is the right way to go. Or it could be nice to leave it configurable from the Makefile too so the location is saved in one place, in which case maybe passing an argument in could be best.

Contributor Author

Just a heads up here - I've pushed in a change to avoid modifying PATH for the generate-docs


validate-docs: install-tools
tfplugindocs validate
sweep:
@echo "WARNING: This will destroy infrastructure. Use only in development accounts."
go test ./fastly -v -sweep=ALL $(SWEEPARGS) -timeout 30m

.PHONY: build test testacc vet fmt fmtcheck errcheck test-compile validate-docs generate-docs install-tools dependencies
.PHONY: build test testacc vet fmt fmtcheck errcheck test-compile sweep validate-docs generate-docs
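Review bot: The `$(BIN)/%:` pattern rule has no prerequisites, so once `bin/tfplugindocs` exists it is never rebuilt, even after `go.mod` or `tools/tools.go` moves to a different pinned version. Listing both files as prerequisites of the rule would keep the local binary in step with the pin. In `generate-docs`, `PATH=$(PATH):$(BIN)` also appends `$(BIN)` last, so a `tfplugindocs` already on the system PATH is found before the project-local one; `PATH=$(BIN):$(PATH)`, or calling `$(BIN)/tfplugindocs` directly as `validate-docs` does, avoids that.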
38 changes: 38 additions & 0 deletions docs/data-sources/tls_activation.md
@@ -0,0 +1,38 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_activation"
sidebar_current: "docs-fastly-datasource-tls_activation"
description: |-
Get information on Fastly TLS Activation.
---

# fastly_tls_activation

Use this data source to get information on a TLS activation, including the certificate used, and the domain on which TLS was enabled.

~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
with any of the others.

~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.

## Example Usage

```hcl
data "fastly_tls_activation" "example" {
domain = "example.com"
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **certificate_id** (String) ID of the TLS Certificate used.
- **configuration_id** (String) ID of the TLS Configuration used.
- **domain** (String) Domain that TLS was enabled on.
- **id** (String) Fastly Activation ID. Conflicts with all other filters.

### Read-Only

- **created_at** (String) Timestamp (GMT) when TLS was enabled.
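Review bot: In the Note admonition, "specific enough to return a single key" looks copied from the private key data source; on this page it should read "a single activation". The same sentence appears in the tls_certificate, tls_configuration and tls_platform_certificate data source docs in this PR and needs the matching noun there.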
bengesoff marked this conversation as resolved.
41 changes: 41 additions & 0 deletions docs/data-sources/tls_activation_ids.md
@@ -0,0 +1,41 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_activation_ids"
sidebar_current: "docs-fastly-datasource-tls_activation_ids"
description: |-
Get the list of TLS Activation identifiers in Fastly.
---

# fastly_tls_activation_ids

Use this data source to get the list of TLS Activation identifiers in Fastly.

## Example Usage

```hcl

data "fastly_tls_activation_ids" "example" {
certificate_id = fastly_tls_certificate.example.id
}

data "fastly_tls_activation" "example" {
for_each = data.fastly_tls_activation_ids.example.ids
id = each.value
}

output "activation_domains" {
value = [for a in data.fastly_tls_activation.example : a.domain]
}

```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **certificate_id** (String) ID of TLS certificate used to filter activations
- **id** (String) The ID of this resource.

### Read-Only

- **ids** (Set of String) List of IDs of the TLS Activations.
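Review bot: `ids` is typed "Set of String" but described as "List of IDs", while the sibling `*_ids` data sources in this PR type it "List of String" and index it with `ids[0]`. Pick one type across these data sources, or fix the description here, so users know whether indexing or `for_each` is the supported access pattern. The example also references `fastly_tls_certificate.example.id`, which is not declared in the snippet.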
43 changes: 43 additions & 0 deletions docs/data-sources/tls_certificate.md
@@ -0,0 +1,43 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_certificate"
sidebar_current: "docs-fastly-datasource-tls_certificate"
description: |-
Get information on Fastly TLS certificate.
---

# fastly_tls_certificate

Use this data source to get information of a TLS certificate for use with other resources.

~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
with any of the others.

~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.

## Example Usage

```hcl
data "fastly_tls_certificate" "example" {
name = "example.com"
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **domains** (Set of String) Domains that are listed in any certificates' Subject Alternative Names (SAN) list.
- **id** (String) Unique ID assigned to certificate by Fastly
- **issued_to** (String) The hostname for which a certificate was issued.
- **issuer** (String) The certificate authority that issued the certificate.
- **name** (String) Human-readable name used to identify the certificate. Defaults to the certificate's Common Name or first Subject Alternative Name entry.

### Read-Only

- **created_at** (String) Timestamp (GMT) when the certificate was created
- **replace** (Boolean) A recommendation from Fastly indicating the key associated with this certificate is in need of rotation
- **serial_number** (String) A value assigned by the issuer that is unique to a certificate
- **signature_algorithm** (String) The algorithm used to sign the certificate
- **updated_at** (String) Timestamp (GMT) when the certificate was last updated
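Review bot: The `id` entry under Optional omits "Conflicts with all the other filters.", which the warning above it and the `id` entries in tls_configuration.md and tls_platform_certificate.md both state. Add it here, and end the Optional and Read-Only descriptions with a full stop to match the other pages.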
32 changes: 32 additions & 0 deletions docs/data-sources/tls_certificate_ids.md
@@ -0,0 +1,32 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_certificate_ids"
sidebar_current: "docs-fastly-datasource-tls_certificate_ids"
description: |-
Get IDs of available TLS certificates.
---

# fastly_tls_certificate_ids

Use this data source to get the IDs of available TLS certificates for use with other resources.

## Example Usage

```hcl
data "fastly_tls_certificate_ids" "example" {}

resource "fastly_tls_activation" "example" {
certificate_id = data.fastly_tls_certificate_ids.example.ids[0]
// ...
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **id** (String) The ID of this resource.

### Read-Only

- **ids** (List of String) List of IDs corresponding to Custom TLS certificates.
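Review bot: The example passes `ids[0]` from an unfiltered list straight into `fastly_tls_activation.certificate_id`, so which certificate gets activated depends on list order and on whatever other certificates exist in the account, and the expression errors when the list is empty. Show the ID being selected through `data.fastly_tls_certificate` with a `name` or `domains` filter instead, or use the list only for iteration.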
56 changes: 56 additions & 0 deletions docs/data-sources/tls_configuration.md
@@ -0,0 +1,56 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_configuration"
sidebar_current: "docs-fastly-datasource-tls_configuration"
description: |-
Get information on Fastly TLS configuration.
---

# fastly_tls_configuration

Use this data source to get the ID of a TLS configuration for use with other resources.

~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
with any of the others.

~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.

## Example Usage

```hcl
data "fastly_tls_configuration" "example" {
default = true
}

resource "fastly_tls_activation" "example" {
configuration_id = data.fastly_tls_configuration.example.id
// ...
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **default** (Boolean) Signifies whether Fastly will use this configuration as a default when creating a new TLS activation.
- **http_protocols** (Set of String) HTTP protocols available on the TLS configuration.
- **id** (String) ID of the TLS configuration obtained from the Fastly API or another data source. Conflicts with all the other filters.
- **name** (String) Custom name of the TLS configuration.
- **tls_protocols** (Set of String) TLS protocols available on the TLS configuration.
- **tls_service** (String) Whether the configuration should support the `PLATFORM` or `CUSTOM` TLS service.

### Read-Only

- **created_at** (String) Timestamp (GMT) when the configuration was created.
- **dns_records** (Set of Object) The available DNS addresses that can be used to enable TLS for a domain. DNS must be configured for a domain for TLS handshakes to succeed. If enabling TLS on an apex domain (e.g. `example.com`) you must create four A records (or four AAAA records for IPv6 support) using the displayed global A record's IP addresses with your DNS provider. For subdomains and wildcard domains (e.g. `www.example.com` or `*.example.com`) you will need to create a relevant CNAME record. (see [below for nested schema](#nestedatt--dns_records))
- **updated_at** (String) Timestamp (GMT) when the configuration was last updated.

<a id="nestedatt--dns_records"></a>
### Nested Schema for `dns_records`
Contributor Author

Same issue as @Integralist raised previously (hashicorp/terraform-plugin-docs#28) - no description on nested schema. I've left it autogenerated because I didn't think the descriptions were too critical, it is reasonably self-explanatory what the fields are for, and it seemed easier to maintain by leaving it autogenerated with the rest of the docs.


Read-Only:

- **record_type** (String)
- **record_value** (String)
- **region** (String)
32 changes: 32 additions & 0 deletions docs/data-sources/tls_configuration_ids.md
@@ -0,0 +1,32 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_configuration_ids"
sidebar_current: "docs-fastly-datasource-tls_configuration_ids"
description: |-
Get IDs of available TLS Configurations.
---

# fastly_tls_configuration_ids

Use this data source to get the IDs of available TLS configurations for use with other resources.

## Example Usage

```hcl
data "fastly_tls_configuration_ids" "example" {}

resource "fastly_tls_activation" "example" {
configuration_id = data.fastly_tls_configuration.example.ids[0]
// ...
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **id** (String) The ID of this resource.

### Read-Only

- **ids** (List of String) List of IDs corresponding to available TLS configurations.
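Review bot: The example declares `data "fastly_tls_configuration_ids" "example"` but the resource reads `data.fastly_tls_configuration.example.ids[0]`, a data source type that is not declared in the snippet and, per its schema in this PR, has no `ids` attribute. The reference should be `data.fastly_tls_configuration_ids.example.ids[0]`.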
41 changes: 41 additions & 0 deletions docs/data-sources/tls_platform_certificate.md
@@ -0,0 +1,41 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_platform_certificate"
sidebar_current: "docs-fastly-datasource-tls_platform_certificate"
description: |-
Get information on Fastly Platform TLS certificate.
---

# fastly_tls_platform_certificate

Use this data source to get information of a Platform TLS certificate for use with other resources.

~> **Warning:** The data source's filters are applied using an **AND** boolean operator, so depending on the combination
of filters, they may become mutually exclusive. The exception to this is `id` which must not be specified in combination
with any of the others.

~> **Note:** If more or less than a single match is returned by the search, Terraform will fail. Ensure that your search is specific enough to return a single key.

## Example Usage

```hcl
data "fastly_tls_platform_certificate" "example" {
domains = ["example.com"]
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **domains** (Set of String) Domains that are listed in any certificate's Subject Alternative Names (SAN) list.
- **id** (String) Unique ID assigned to certificate by Fastly. Conflicts with all the other filters.

### Read-Only

- **configuration_id** (String) ID of TLS configuration used to terminate TLS traffic.
- **created_at** (String) Timestamp (GMT) when the certificate was created.
- **not_after** (String) Timestamp (GMT) when the certificate will expire.
- **not_before** (String) Timestamp (GMT) when the certificate will become valid.
- **replace** (Boolean) A recommendation from Fastly indicating the key associated with this certificate is in need of rotation.
- **updated_at** (String) Timestamp (GMT) when the certificate was last updated.
31 changes: 31 additions & 0 deletions docs/data-sources/tls_platform_certificate_ids.md
@@ -0,0 +1,31 @@
---
layout: "fastly"
page_title: "Fastly: fastly_tls_platform_certificate_ids"
sidebar_current: "docs-fastly-datasource-tls_platform_certificate_ids"
description: |-
Get IDs of available Platform TLS certificates.
---

# fastly_tls_platform_certificate_ids

Use this data source to get the IDs of available Platform TLS Certificates for use with other resources.

## Example Usage

```hcl
data "fastly_tls_platform_certificate_ids" "example" {}

data "fastly_tls_platform_certificate" "example" {
id = data.fastly_tls_platform_certificate_ids.example.ids[0]
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- **id** (String) The ID of this resource.

### Read-Only

- **ids** (List of String) List of IDs corresponding to Platform TLS certificates.