diff --git a/.changelog/7488.txt b/.changelog/7488.txt new file mode 100644 index 0000000000..bcb36acc48 --- /dev/null +++ b/.changelog/7488.txt @@ -0,0 +1,4 @@ +```release-note:new-resource +Add Apigee Environment Keystore Alias for Self Signed Format + +``` diff --git a/google-beta/provider.go b/google-beta/provider.go index 1938022ec9..7b88d115a8 100644 --- a/google-beta/provider.go +++ b/google-beta/provider.go @@ -785,9 +785,9 @@ func Provider() *schema.Provider { return provider } -// Generated resources: 312 +// Generated resources: 313 // Generated IAM resources: 213 -// Total generated resources: 525 +// Total generated resources: 526 func ResourceMap() map[string]*schema.Resource { resourceMap, _ := ResourceMapWithErrors() return resourceMap @@ -832,6 +832,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) { "google_apigee_addons_config": ResourceApigeeAddonsConfig(), "google_apigee_endpoint_attachment": ResourceApigeeEndpointAttachment(), "google_apigee_env_keystore": ResourceApigeeEnvKeystore(), + "google_apigee_env_keystore_alias_self_signed_cert": ResourceApigeeEnvKeystoreAliasSelfSignedCert(), "google_apigee_env_references": ResourceApigeeEnvReferences(), "google_apigee_envgroup": ResourceApigeeEnvgroup(), "google_apigee_envgroup_attachment": ResourceApigeeEnvgroupAttachment(), diff --git a/google-beta/resource_apigee_env_keystore_alias_self_signed_cert.go b/google-beta/resource_apigee_env_keystore_alias_self_signed_cert.go new file mode 100644 index 0000000000..7b515dc5f4 --- /dev/null +++ b/google-beta/resource_apigee_env_keystore_alias_self_signed_cert.go 
@@ -0,0 +1,659 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "log" + "reflect" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func ResourceApigeeEnvKeystoreAliasSelfSignedCert() *schema.Resource { + return &schema.Resource{ + Create: resourceApigeeEnvKeystoreAliasSelfSignedCertCreate, + Read: resourceApigeeEnvKeystoreAliasSelfSignedCertRead, + Delete: resourceApigeeEnvKeystoreAliasSelfSignedCertDelete, + + Importer: &schema.ResourceImporter{ + State: resourceApigeeEnvKeystoreAliasSelfSignedCertImport, + }, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(30 * time.Minute), + Delete: schema.DefaultTimeout(30 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "alias": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Alias for the key/certificate pair. Values must match the regular expression [\w\s-.]{1,255}. 
+This must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either +this parameter or the JSON body.`, + }, + "environment": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The Apigee environment name`, + }, + "keystore": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The Apigee keystore name associated in an Apigee environment`, + }, + "org_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The Apigee Organization name associated with the Apigee environment`, + }, + "sig_alg": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA`, + }, + "subject": { + Type: schema.TypeList, + Required: true, + ForceNew: true, + Description: `Subject details.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "common_name": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Common name of the organization. Maximum length is 64 characters.`, + }, + "country_code": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Two-letter country code. Example, IN for India, US for United States of America.`, + }, + "email": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Email address. Max 255 characters.`, + }, + "locality": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `City or town name. Maximum length is 128 characters.`, + }, + "org": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Organization name. Maximum length is 64 characters.`, + }, + "org_unit": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Organization team name. 
Maximum length is 64 characters.`, + }, + "state": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `State or district name. Maximum length is 128 characters.`, + }, + }, + }, + }, + "cert_validity_in_days": { + Type: schema.TypeInt, + Optional: true, + ForceNew: true, + Description: `Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.`, + }, + "key_size": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Key size. Default and maximum value is 2048 bits.`, + }, + "subject_alternative_dns_names": { + Type: schema.TypeList, + Optional: true, + ForceNew: true, + Description: `List of alternative host names. Maximum length is 255 characters for each value.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "subject_alternative_name": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Subject Alternative Name`, + }, + }, + }, + }, + "certs_info": { + Type: schema.TypeList, + Computed: true, + Description: `Chain of certificates under this alias.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cert_info": { + Type: schema.TypeList, + Computed: true, + Description: `List of all properties in the object.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "basic_constraints": { + Type: schema.TypeString, + Computed: true, + Description: `X.509 basic constraints extension.`, + }, + "expiry_date": { + Type: schema.TypeString, + Computed: true, + Description: `X.509 notAfter validity period in milliseconds since epoch.`, + }, + "is_valid": { + Type: schema.TypeString, + Computed: true, + Description: `Flag that specifies whether the certificate is valid. 
+Flag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.`, + }, + "issuer": { + Type: schema.TypeString, + Computed: true, + Description: `X.509 issuer.`, + }, + "public_key": { + Type: schema.TypeString, + Computed: true, + Description: `Public key component of the X.509 subject public key info.`, + }, + "serial_number": { + Type: schema.TypeString, + Computed: true, + Description: `X.509 serial number.`, + }, + "sig_alg_name": { + Type: schema.TypeString, + Computed: true, + Description: `X.509 signatureAlgorithm.`, + }, + "subject": { + Type: schema.TypeString, + Computed: true, + Description: `X.509 subject.`, + }, + "subject_alternative_names": { + Type: schema.TypeList, + Computed: true, + Description: `X.509 subject alternative names (SANs) extension.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "valid_from": { + Type: schema.TypeString, + Computed: true, + Description: `X.509 notBefore validity period in milliseconds since epoch.`, + }, + "version": { + Type: schema.TypeInt, + Computed: true, + Description: `X.509 version.`, + }, + }, + }, + }, + }, + }, + }, + "type": { + Type: schema.TypeString, + Computed: true, + Description: `Optional.Type of Alias`, + }, + }, + UseJSONNumber: true, + } +} + +func resourceApigeeEnvKeystoreAliasSelfSignedCertCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + obj := make(map[string]interface{}) + aliasProp, err := expandApigeeEnvKeystoreAliasSelfSignedCertAlias(d.Get("alias"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("alias"); !isEmptyValue(reflect.ValueOf(aliasProp)) && (ok || !reflect.DeepEqual(v, aliasProp)) { + obj["alias"] = aliasProp + } + subjectAlternativeDnsNamesProp, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNames(d.Get("subject_alternative_dns_names"), d, 
config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("subject_alternative_dns_names"); !isEmptyValue(reflect.ValueOf(subjectAlternativeDnsNamesProp)) && (ok || !reflect.DeepEqual(v, subjectAlternativeDnsNamesProp)) { + obj["subjectAlternativeDnsNames"] = subjectAlternativeDnsNamesProp + } + keySizeProp, err := expandApigeeEnvKeystoreAliasSelfSignedCertKeySize(d.Get("key_size"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("key_size"); !isEmptyValue(reflect.ValueOf(keySizeProp)) && (ok || !reflect.DeepEqual(v, keySizeProp)) { + obj["keySize"] = keySizeProp + } + sigAlgProp, err := expandApigeeEnvKeystoreAliasSelfSignedCertSigAlg(d.Get("sig_alg"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("sig_alg"); !isEmptyValue(reflect.ValueOf(sigAlgProp)) && (ok || !reflect.DeepEqual(v, sigAlgProp)) { + obj["sigAlg"] = sigAlgProp + } + subjectProp, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubject(d.Get("subject"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("subject"); !isEmptyValue(reflect.ValueOf(subjectProp)) && (ok || !reflect.DeepEqual(v, subjectProp)) { + obj["subject"] = subjectProp + } + certValidityInDaysProp, err := expandApigeeEnvKeystoreAliasSelfSignedCertCertValidityInDays(d.Get("cert_validity_in_days"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("cert_validity_in_days"); !isEmptyValue(reflect.ValueOf(certValidityInDaysProp)) && (ok || !reflect.DeepEqual(v, certValidityInDaysProp)) { + obj["certValidityInDays"] = certValidityInDaysProp + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases?alias={{alias}}&format=selfsignedcert") + if err != nil { + return err + } + + log.Printf("[DEBUG] Creating new EnvKeystoreAliasSelfSignedCert: %#v", obj) + billingProject := "" + + // err == nil indicates that the billing_project 
value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequestWithTimeout(config, "POST", billingProject, url, userAgent, obj, d.Timeout(schema.TimeoutCreate)) + if err != nil { + return fmt.Errorf("Error creating EnvKeystoreAliasSelfSignedCert: %s", err) + } + + // Store the ID now + id, err := replaceVars(d, config, "organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + log.Printf("[DEBUG] Finished creating EnvKeystoreAliasSelfSignedCert %q: %#v", d.Id(), res) + + return resourceApigeeEnvKeystoreAliasSelfSignedCertRead(d, meta) +} + +func resourceApigeeEnvKeystoreAliasSelfSignedCertRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}") + if err != nil { + return err + } + + billingProject := "" + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequest(config, "GET", billingProject, url, userAgent, nil) + if err != nil { + return handleNotFoundError(err, d, fmt.Sprintf("ApigeeEnvKeystoreAliasSelfSignedCert %q", d.Id())) + } + + if err := d.Set("certs_info", flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfo(res["certsInfo"], d, config)); err != nil { + return fmt.Errorf("Error reading EnvKeystoreAliasSelfSignedCert: %s", err) + } + if err := d.Set("type", flattenApigeeEnvKeystoreAliasSelfSignedCertType(res["type"], d, config)); err != nil { + return fmt.Errorf("Error reading EnvKeystoreAliasSelfSignedCert: %s", err) + } + if err := d.Set("alias", 
flattenApigeeEnvKeystoreAliasSelfSignedCertAlias(res["alias"], d, config)); err != nil { + return fmt.Errorf("Error reading EnvKeystoreAliasSelfSignedCert: %s", err) + } + if err := d.Set("subject_alternative_dns_names", flattenApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNames(res["subjectAlternativeDnsNames"], d, config)); err != nil { + return fmt.Errorf("Error reading EnvKeystoreAliasSelfSignedCert: %s", err) + } + + return nil +} + +func resourceApigeeEnvKeystoreAliasSelfSignedCertDelete(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}") + if err != nil { + return err + } + + var obj map[string]interface{} + log.Printf("[DEBUG] Deleting EnvKeystoreAliasSelfSignedCert %q", d.Id()) + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequestWithTimeout(config, "DELETE", billingProject, url, userAgent, obj, d.Timeout(schema.TimeoutDelete)) + if err != nil { + return handleNotFoundError(err, d, "EnvKeystoreAliasSelfSignedCert") + } + + log.Printf("[DEBUG] Finished deleting EnvKeystoreAliasSelfSignedCert %q: %#v", d.Id(), res) + return nil +} + +func resourceApigeeEnvKeystoreAliasSelfSignedCertImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + config := meta.(*Config) + + // current import_formats cannot import fields with forward slashes in their value + if err := parseImportId([]string{ + "organizations/(?P[^/]+)/environments/(?P[^/]+)/keystores/(?P[^/]+)/aliases/(?P[^/]+)", + "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", + }, d, config); err != nil { + return nil, err + } + + // Replace import id for 
the resource id + id, err := replaceVars(d, config, "organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}") + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + return []*schema.ResourceData{d}, nil +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfo(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["cert_info"] = + flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfo(original["certInfo"], d, config) + return []interface{}{transformed} +} +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfo(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return v + } + l := v.([]interface{}) + transformed := make([]interface{}, 0, len(l)) + for _, raw := range l { + original := raw.(map[string]interface{}) + if len(original) < 1 { + // Do not include empty json objects coming back from the api + continue + } + transformed = append(transformed, map[string]interface{}{ + "version": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoVersion(original["version"], d, config), + "subject": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSubject(original["subject"], d, config), + "issuer": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoIssuer(original["issuer"], d, config), + "expiry_date": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoExpiryDate(original["expiryDate"], d, config), + "valid_from": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoValidFrom(original["validFrom"], d, config), + "is_valid": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoIsValid(original["isValid"], d, config), + "subject_alternative_names": 
flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSubjectAlternativeNames(original["subjectAlternativeNames"], d, config), + "sig_alg_name": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSigAlgName(original["sigAlgName"], d, config), + "public_key": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoPublicKey(original["publicKey"], d, config), + "basic_constraints": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoBasicConstraints(original["basicConstraints"], d, config), + "serial_number": flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSerialNumber(original["serialNumber"], d, config), + }) + } + return transformed +} +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoVersion(v interface{}, d *schema.ResourceData, config *Config) interface{} { + // Handles the string fixed64 format + if strVal, ok := v.(string); ok { + if intVal, err := StringToFixed64(strVal); err == nil { + return intVal + } + } + + // number values are represented as float64 + if floatVal, ok := v.(float64); ok { + intVal := int(floatVal) + return intVal + } + + return v // let terraform core handle it otherwise +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSubject(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoIssuer(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoExpiryDate(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoValidFrom(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoIsValid(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func 
flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSubjectAlternativeNames(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSigAlgName(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoPublicKey(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoBasicConstraints(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertCertsInfoCertInfoSerialNumber(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertType(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertAlias(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNames(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["subject_alternative_name"] = + flattenApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNamesSubjectAlternativeName(original["subjectAlternativeName"], d, config) + return []interface{}{transformed} +} +func flattenApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNamesSubjectAlternativeName(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertAlias(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func 
expandApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNames(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedSubjectAlternativeName, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNamesSubjectAlternativeName(original["subject_alternative_name"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedSubjectAlternativeName); val.IsValid() && !isEmptyValue(val) { + transformed["subjectAlternativeName"] = transformedSubjectAlternativeName + } + + return transformed, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubjectAlternativeDnsNamesSubjectAlternativeName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertKeySize(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSigAlg(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubject(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedCountryCode, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectCountryCode(original["country_code"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedCountryCode); val.IsValid() && !isEmptyValue(val) { + transformed["countryCode"] = transformedCountryCode + } + + transformedState, err := 
expandApigeeEnvKeystoreAliasSelfSignedCertSubjectState(original["state"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedState); val.IsValid() && !isEmptyValue(val) { + transformed["state"] = transformedState + } + + transformedLocality, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectLocality(original["locality"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedLocality); val.IsValid() && !isEmptyValue(val) { + transformed["locality"] = transformedLocality + } + + transformedOrg, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectOrg(original["org"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedOrg); val.IsValid() && !isEmptyValue(val) { + transformed["org"] = transformedOrg + } + + transformedOrgUnit, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectOrgUnit(original["org_unit"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedOrgUnit); val.IsValid() && !isEmptyValue(val) { + transformed["orgUnit"] = transformedOrgUnit + } + + transformedCommonName, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectCommonName(original["common_name"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedCommonName); val.IsValid() && !isEmptyValue(val) { + transformed["commonName"] = transformedCommonName + } + + transformedEmail, err := expandApigeeEnvKeystoreAliasSelfSignedCertSubjectEmail(original["email"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedEmail); val.IsValid() && !isEmptyValue(val) { + transformed["email"] = transformedEmail + } + + return transformed, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubjectCountryCode(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func 
expandApigeeEnvKeystoreAliasSelfSignedCertSubjectState(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubjectLocality(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubjectOrg(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubjectOrgUnit(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubjectCommonName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertSubjectEmail(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeEnvKeystoreAliasSelfSignedCertCertValidityInDays(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} diff --git a/google-beta/resource_apigee_env_keystore_alias_self_signed_cert_generated_test.go b/google-beta/resource_apigee_env_keystore_alias_self_signed_cert_generated_test.go new file mode 100644 index 0000000000..33a919b2e2 --- /dev/null +++ b/google-beta/resource_apigee_env_keystore_alias_self_signed_cert_generated_test.go 
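Review bot: The `alias`, `sig_alg`, `key_size` and `cert_validity_in_days` fields in the new schema have no `ValidateFunc`, so the constraints stated in their descriptions are never enforced at plan time. `key_size` is a free-form `TypeString` whose description names only a maximum, and the acceptance-test config and docs example in the later hunks set `key_size = 1024`, below the 2048-bit default the description gives; those examples should drop the line or use 2048 so the copy-paste path does not produce a 1024-bit RSA key. For `sig_alg` I would add `ValidateFunc: validation.StringInSlice([]string{"SHA512withRSA", "SHA384withRSA", "SHA256withRSA"}, false),` (this needs the SDK `helper/validation` import), and `ValidateFunc: validation.IntAtLeast(1),` on `cert_validity_in_days`. `alias` is interpolated into `aliases?alias={{alias}}&format=selfsignedcert` in the create function, and whether `replaceVars` escapes it is not visible here, so enforcing the documented `[\w\s-.]{1,255}` pattern would also keep `&` and `#` out of the query string. The file header marks this as Magic Modules output, so the changes belong in the generator's resource definition and example template rather than in this file.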
@@ -0,0 +1,173 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" +) + +func TestAccApigeeEnvKeystoreAliasSelfSignedCert_apigeeEnvKeystoreAliasSelfSignedCertExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "org_id": GetTestOrgFromEnv(t), + "billing_account": GetTestBillingAccountFromEnv(t), + "random_suffix": RandString(t, 10), + } + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV5ProviderFactories: ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckApigeeEnvKeystoreAliasSelfSignedCertDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccApigeeEnvKeystoreAliasSelfSignedCert_apigeeEnvKeystoreAliasSelfSignedCertExample(context), + }, + { + ResourceName: "google_apigee_env_keystore_alias_self_signed_cert.apigee_environment_keystore_ss_alias", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"org_id", "environment", "keystore", "key_size", "sig_alg", "subject", "cert_validity_in_days"}, + }, + }, + }) +} + +func testAccApigeeEnvKeystoreAliasSelfSignedCert_apigeeEnvKeystoreAliasSelfSignedCertExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "%{org_id}" + 
billing_account = "%{billing_account}" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" + depends_on = [google_project_service.apigee] +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" + depends_on = [google_project_service.servicenetworking] +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_environment" "apigee_environment_keystore_ss_alias" { + org_id = google_apigee_organization.apigee_org.id + name = "tf-test%{random_suffix}" + description = "Apigee Environment" + display_name = "environment-1" +} + +resource "google_apigee_env_keystore" "apigee_environment_keystore_alias" { + name = 
"tf-test-keystore%{random_suffix}" + env_id = google_apigee_environment.apigee_environment_keystore_ss_alias.id +} + +resource "google_apigee_env_keystore_alias_self_signed_cert" "apigee_environment_keystore_ss_alias" { + environment = google_apigee_environment.apigee_environment_keystore_ss_alias.name + org_id = google_apigee_organization.apigee_org.name + keystore = google_apigee_env_keystore.apigee_environment_keystore_alias.name + alias = "tf test-alias%{random_suffix}" + key_size = 1024 + sig_alg = "SHA512withRSA" + cert_validity_in_days = 4 + subject { + common_name = "selfsigned_example" + country_code = "US" + locality = "TX" + org = "CCE" + org_unit = "PSO" + } +} +`, context) +} + +func testAccCheckApigeeEnvKeystoreAliasSelfSignedCertDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_apigee_env_keystore_alias_self_signed_cert" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := GoogleProviderConfig(t) + + url, err := replaceVarsForTest(config, rs, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + + _, err = SendRequest(config, "GET", billingProject, url, config.UserAgent, nil) + if err == nil { + return fmt.Errorf("ApigeeEnvKeystoreAliasSelfSignedCert still exists at %s", url) + } + } + + return nil + } +} diff --git a/website/docs/r/apigee_env_keystore_alias_self_signed_cert.html.markdown b/website/docs/r/apigee_env_keystore_alias_self_signed_cert.html.markdown new file mode 100644 index 0000000000..8d299bfc34 --- /dev/null +++ b/website/docs/r/apigee_env_keystore_alias_self_signed_cert.html.markdown 
@@ -0,0 +1,292 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Apigee" +description: |- + An Environment Keystore Alias for Self Signed Certificate Format in Apigee +--- + +# google\_apigee\_env\_keystore\_alias\_self\_signed\_cert + +An Environment Keystore Alias for Self Signed Certificate Format in Apigee + + +To get more information about EnvKeystoreAliasSelfSignedCert, see: + +* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keystores.aliases/create) +* How-to Guides + * [Creating an environment](https://cloud.google.com/apigee/docs/api-platform/get-started/create-environment) + +## Example Usage - Apigee Env Keystore Alias Self Signed Cert + + +```hcl +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "123456789" + billing_account = "000000-0000000-0000000-000000" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" + depends_on = [google_project_service.apigee] +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" + depends_on = [google_project_service.servicenetworking] +} + +resource "google_compute_network" "apigee_network" { + 
name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_environment" "apigee_environment_keystore_ss_alias" { + org_id = google_apigee_organization.apigee_org.id + name = "tf-test%{random_suffix}" + description = "Apigee Environment" + display_name = "environment-1" +} + +resource "google_apigee_env_keystore" "apigee_environment_keystore_alias" { + name = "tf-test-keystore%{random_suffix}" + env_id = google_apigee_environment.apigee_environment_keystore_ss_alias.id +} + +resource "google_apigee_env_keystore_alias_self_signed_cert" "apigee_environment_keystore_ss_alias" { + environment = google_apigee_environment.apigee_environment_keystore_ss_alias.name + org_id = google_apigee_organization.apigee_org.name + keystore = google_apigee_env_keystore.apigee_environment_keystore_alias.name + alias = "tf test-alias%{random_suffix}" + key_size = 1024 + sig_alg = "SHA512withRSA" + cert_validity_in_days = 4 + subject { + common_name = "selfsigned_example" + country_code = "US" + locality = "TX" + org 
= "CCE" + org_unit = "PSO" + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `org_id` - + (Required) + The Apigee Organization name associated with the Apigee environment + +* `environment` - + (Required) + The Apigee environment name + +* `keystore` - + (Required) + The Apigee keystore name associated in an Apigee environment + +* `alias` - + (Required) + Alias for the key/certificate pair. Values must match the regular expression [\w\s-.]{1,255}. + This must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either + this parameter or the JSON body. + +* `sig_alg` - + (Required) + Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA + +* `subject` - + (Required) + Subject details. + Structure is [documented below](#nested_subject). + + +The `subject` block supports: + +* `country_code` - + (Optional) + Two-letter country code. Example, IN for India, US for United States of America. + +* `state` - + (Optional) + State or district name. Maximum length is 128 characters. + +* `locality` - + (Optional) + City or town name. Maximum length is 128 characters. + +* `org` - + (Optional) + Organization name. Maximum length is 64 characters. + +* `org_unit` - + (Optional) + Organization team name. Maximum length is 64 characters. + +* `common_name` - + (Optional) + Common name of the organization. Maximum length is 64 characters. + +* `email` - + (Optional) + Email address. Max 255 characters. + +- - - + + +* `subject_alternative_dns_names` - + (Optional) + List of alternative host names. Maximum length is 255 characters for each value. + Structure is [documented below](#nested_subject_alternative_dns_names). + +* `key_size` - + (Optional) + Key size. Default and maximum value is 2048 bits. + +* `cert_validity_in_days` - + (Optional) + Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365. 
+ + +The `subject_alternative_dns_names` block supports: + +* `subject_alternative_name` - + (Optional) + Subject Alternative Name + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}}` + +* `certs_info` - + Chain of certificates under this alias. + Structure is [documented below](#nested_certs_info). + +* `type` - + Optional.Type of Alias + + +The `certs_info` block contains: + +* `cert_info` - + (Output) + List of all properties in the object. + Structure is [documented below](#nested_cert_info). + + +The `cert_info` block contains: + +* `version` - + (Output) + X.509 version. + +* `subject` - + (Output) + X.509 subject. + +* `issuer` - + (Output) + X.509 issuer. + +* `expiry_date` - + (Output) + X.509 notAfter validity period in milliseconds since epoch. + +* `valid_from` - + (Output) + X.509 notBefore validity period in milliseconds since epoch. + +* `is_valid` - + (Output) + Flag that specifies whether the certificate is valid. + Flag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid. + +* `subject_alternative_names` - + (Output) + X.509 subject alternative names (SANs) extension. + +* `sig_alg_name` - + (Output) + X.509 signatureAlgorithm. + +* `public_key` - + (Output) + Public key component of the X.509 subject public key info. + +* `basic_constraints` - + (Output) + X.509 basic constraints extension. + +* `serial_number` - + (Output) + X.509 serial number. + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 30 minutes. +- `delete` - Default is 30 minutes. 
+ +## Import + + +EnvKeystoreAliasSelfSignedCert can be imported using any of these accepted formats: + +``` +$ terraform import google_apigee_env_keystore_alias_self_signed_cert.default organizations/{{org_id}}/environments/{{environment}}/keystores/{{keystore}}/aliases/{{alias}} +$ terraform import google_apigee_env_keystore_alias_self_signed_cert.default {{org_id}}/{{environment}}/{{keystore}}/{{alias}} +```