

Merge pull request #884 from urohit011/ocsp_attrs
Added ocsp attributes for ssl_key_cert and ssl_certificate resources
RavinderReddyF5 authored Oct 11, 2023
2 parents 7352a5d + 1826387 commit 18238b4
Showing 7 changed files with 263 additions and 59 deletions.
70 changes: 64 additions & 6 deletions bigip/resource_bigip_ssl_certificate.go
Expand Up @@ -39,14 +39,28 @@ func resourceBigipSslCertificate() *schema.Resource {
//ForceNew: true,
Description: "Content of certificate on Disk",
},

"partition": {
Type: schema.TypeString,
Optional: true,
Default: "Common",
Description: "Partition of ssl certificate",
ValidateFunc: validatePartitionName,
},
"monitoring_type": {
Type: schema.TypeString,
Optional: true,
Description: "Specifies the type of monitoring used",
},
"issuer_cert": {
Type: schema.TypeString,
Optional: true,
Description: "Specifies the issuer certificate",
},
"ocsp": {
Type: schema.TypeString,
Optional: true,
Description: "Specifies the OCSP responder",
},
"full_path": {
Type: schema.TypeString,
Optional: true,
Expand All @@ -64,7 +78,19 @@ func resourceBigipSslCertificateCreate(ctx context.Context, d *schema.ResourceDa

certPath := d.Get("content").(string)
partition := d.Get("partition").(string)
err := client.UploadCertificate(name, certPath, partition)
cert := &bigip.Certificate{
Name: name,
Partition: partition,
}

if val, ok := d.GetOk("monitoring_type"); ok {
cert.CertValidationOptions = []string{val.(string)}
}
if val, ok := d.GetOk("issuer_cert"); ok {
cert.IssuerCert = val.(string)
}

err := client.UploadCertificate(certPath, cert)
if err != nil {
return diag.FromErr(fmt.Errorf("error in Importing certificate (%s): %s", name, err))
}
Expand All @@ -88,6 +114,17 @@ func resourceBigipSslCertificateCreate(ctx context.Context, d *schema.ResourceDa
log.Printf("[ERROR]Sending Telemetry data failed:%v", err)
}
}

if val, ok := d.GetOk("ocsp"); ok {
certValidState := &bigip.CertValidatorState{Name: val.(string)}
certValidRef := &bigip.CertValidatorReference{}
certValidRef.Items = append(certValidRef.Items, *certValidState)
cert.CertValidatorRef = certValidRef
err = client.UpdateCertificate(certPath, cert)
if err != nil {
log.Printf("[ERROR]Unable to add ocsp to the certificate:%v", err)
}
}
return resourceBigipSslCertificateRead(ctx, d, meta)
}

Expand Down Expand Up @@ -119,6 +156,11 @@ func resourceBigipSslCertificateRead(ctx context.Context, d *schema.ResourceData
_ = d.Set("name", certificate.Name)
_ = d.Set("partition", certificate.Partition)
_ = d.Set("full_path", certificate.FullPath)
_ = d.Set("issuer_cert", certificate.IssuerCert)
if certificate.CertValidationOptions != nil && len(certificate.CertValidationOptions) > 0 {
monitor_type := certificate.CertValidationOptions[0]
_ = d.Set("monitoring_type", monitor_type)
}

return nil
}
Expand All @@ -129,10 +171,26 @@ func resourceBigipSslCertificateUpdate(ctx context.Context, d *schema.ResourceDa
log.Println("[INFO] Certificate Name " + name)
certpath := d.Get("content").(string)
partition := d.Get("partition").(string)
/*if !strings.HasSuffix(name, ".crt") {
name = name + ".crt"
}*/
err := client.UpdateCertificate(name, certpath, partition)

cert := &bigip.Certificate{
Name: name,
Partition: partition,
}

if val, ok := d.GetOk("monitoring_type"); ok {
cert.CertValidationOptions = []string{val.(string)}
}
if val, ok := d.GetOk("issuer_cert"); ok {
cert.IssuerCert = val.(string)
}
if val, ok := d.GetOk("ocsp"); ok {
certValidState := &bigip.CertValidatorState{Name: val.(string)}
certValidRef := &bigip.CertValidatorReference{}
certValidRef.Items = append(certValidRef.Items, *certValidState)
cert.CertValidatorRef = certValidRef
}

err := client.UpdateCertificate(certpath, cert)
if err != nil {
return diag.FromErr(fmt.Errorf("error in Importing certificate (%s): %s", name, err))
}
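Review bot: In resourceBigipSslCertificateCreate the second `client.UpdateCertificate(certPath, cert)` that attaches the OCSP responder only logs on failure and then falls through to Read, so a certificate whose revocation checking was never configured is still recorded as successfully created with `ocsp` in state. Make it fatal like the upload: `return diag.FromErr(fmt.Errorf("error attaching OCSP responder %q to certificate %s: %w", val.(string), name, err))`. The Read function sets `issuer_cert` and `monitoring_type` from the device but never sets `ocsp`, so an out-of-band removal of the responder would not surface as drift; if the GET response carries `CertValidatorRef`, populate `ocsp` from it there. In Update, an `ocsp` attribute removed from config leaves `cert.CertValidatorRef` nil, which presumably does not clear the responder on the device — worth confirming against the API. Both the Create and Update functions continue outside the visible hunks.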
34 changes: 34 additions & 0 deletions bigip/resource_bigip_ssl_certificate_test.go
Expand Up @@ -28,6 +28,17 @@ resource "bigip_ssl_certificate" "test-cert" {
}
`

var TestSslCertOCSPResource = `
resource "bigip_ssl_certificate" "ssl-test-certificate-tc1" {
name = "test-certificate"
content = "${file("` + folder + `/../examples/mycertocspv2.crt")}"
partition = "Common"
monitoring_type = "ocsp"
issuer_cert = "/Common/MyCA"
ocsp = "/Common/testocsp1"
}
`

func TestAccBigipSslCertificateImportToBigip(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() {
Expand Down Expand Up @@ -88,6 +99,29 @@ func TestAccBigipSslCertificateTCs(t *testing.T) {
})
}

func TestAccBigipSslCertificateOCSP(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAcctPreCheck(t)
},
Providers: testAccProviders,
CheckDestroy: testChecksslcertificateDestroyed,
Steps: []resource.TestStep{
{
Config: TestSslCertOCSPResource,
Check: resource.ComposeTestCheckFunc(
testChecksslcertificateExists("test-certificate", true),
resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "name", "test-certificate"),
resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "partition", "Common"),
resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "monitoring_type", "ocsp"),
resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "issuer_cert", "/Common/MyCA"),
resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "ocsp", "/Common/testocsp1"),
),
},
},
})
}

func testChecksslcertificateExists(name string, exists bool) resource.TestCheckFunc {
return func(s *terraform.State) error {
client := testAccProvider.Meta().(*bigip.BigIP)
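Review bot: `TestAccBigipSslCertificateOCSP` asserts `ocsp`, `issuer_cert` and `monitoring_type` with TestCheckResourceAttr, which reads Terraform state rather than the device; because the provider's Create only logs when attaching the OCSP responder fails and its Read never populates `ocsp`, this test passes whether or not the responder was actually associated. Add a check that fetches the certificate from the BIG-IP through the provider client (as `testChecksslcertificateExists` presumably does) and compares its validator reference to `/Common/testocsp1`. The config also assumes `/Common/MyCA` and `/Common/testocsp1` already exist on the device and creates neither; document that prerequisite or create them in the test config.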
64 changes: 62 additions & 2 deletions bigip/resource_bigip_ssl_key_cert.go
Expand Up @@ -58,6 +58,21 @@ func resourceBigipSSLKeyCert() *schema.Resource {
Computed: true,
Description: "Full Path Name of ssl certificate",
},
"cert_monitoring_type": {
Type: schema.TypeString,
Optional: true,
Description: "Specifies the type of monitoring used.",
},
"issuer_cert": {
Type: schema.TypeString,
Optional: true,
Description: "Specifies the issuer certificate",
},
"cert_ocsp": {
Type: schema.TypeString,
Optional: true,
Description: "Specifies the OCSP responder",
},
"passphrase": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -105,7 +120,19 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData,
if err != nil {
return diag.FromErr(fmt.Errorf("error while adding the ssl key: %v", err))
}
err = client.UploadCertificate(certName, certPath, partition)

cert := &bigip.Certificate{
Name: certName,
Partition: partition,
}
if val, ok := d.GetOk("cert_monitoring_type"); ok {
cert.CertValidationOptions = []string{val.(string)}
}
if val, ok := d.GetOk("issuer_cert"); ok {
cert.IssuerCert = val.(string)
}

err = client.UploadCertificate(certPath, cert)
if err != nil {
return diag.FromErr(fmt.Errorf("error while uploading the ssl cert: %v", err))
}
Expand All @@ -114,6 +141,17 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData,
return diag.FromErr(fmt.Errorf("error while ending transaction: %d", err))
}

if val, ok := d.GetOk("cert_ocsp"); ok {
certValidState := &bigip.CertValidatorState{Name: val.(string)}
certValidRef := &bigip.CertValidatorReference{}
certValidRef.Items = append(certValidRef.Items, *certValidState)
cert.CertValidatorRef = certValidRef
err = client.UpdateCertificate(certPath, cert)
if err != nil {
log.Printf("[ERROR]Unable to add ocsp to the certificate:%v", err)
}
}

id := keyName + "_" + certName
d.SetId(id)
return resourceBigipSSLKeyCertRead(ctx, d, meta)
Expand Down Expand Up @@ -147,6 +185,11 @@ func resourceBigipSSLKeyCertRead(ctx context.Context, d *schema.ResourceData, me
d.Set("cert_name", certificate.Name)
d.Set("cert_full_path", certificate.FullPath)
d.Set("partition", key.Partition)
d.Set("issuer_cert", certificate.IssuerCert)
if certificate.CertValidationOptions != nil && len(certificate.CertValidationOptions) > 0 {
monitor_type := certificate.CertValidationOptions[0]
_ = d.Set("cert_monitoring_type", monitor_type)
}

return nil
}
Expand Down Expand Up @@ -184,7 +227,24 @@ func resourceBigipSSLKeyCertUpdate(ctx context.Context, d *schema.ResourceData,
return diag.FromErr(fmt.Errorf("error while trying to modify the ssl key (%s): %s", keyFullPath, err))
}

err = client.UpdateCertificate(certName, certPath, partition)
cert := &bigip.Certificate{
Name: certName,
Partition: partition,
}
if val, ok := d.GetOk("cert_monitoring_type"); ok {
cert.CertValidationOptions = []string{val.(string)}
}
if val, ok := d.GetOk("issuer_cert"); ok {
cert.IssuerCert = val.(string)
}
if val, ok := d.GetOk("cert_ocsp"); ok {
certValidState := &bigip.CertValidatorState{Name: val.(string)}
certValidRef := &bigip.CertValidatorReference{}
certValidRef.Items = append(certValidRef.Items, *certValidState)
cert.CertValidatorRef = certValidRef
}

err = client.UpdateCertificate(certPath, cert)
if err != nil {
return diag.FromErr(fmt.Errorf("error while updating the ssl certificate (%s): %s", certName, err))
}
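Review bot: In resourceBigipSSLKeyCertCreate the OCSP responder is attached with a second `client.UpdateCertificate` only after the transaction has been committed, and a failure there is merely logged, so the key and certificate land on the device without the configured revocation check while the resource is still stored as created. Return the error instead: `return diag.FromErr(fmt.Errorf("error attaching OCSP responder %q to certificate %s: %w", val.(string), certName, err))`. The Read function mirrors `issuer_cert` and `cert_monitoring_type` from the device but never sets `cert_ocsp`, so it cannot detect the responder being removed out of band; populate it from `certificate.CertValidatorRef` if the GET response carries that field. Both the Create and Update functions extend beyond the visible hunks.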
35 changes: 35 additions & 0 deletions bigip/resource_bigip_ssl_key_cert_test.go
Expand Up @@ -42,6 +42,19 @@ resource "bigip_ltm_profile_server_ssl" "test-ServerSsl" {
}
`

var sslProfileCertKeyOCSP = `
resource "bigip_ssl_key_cert" "testkeycert" {
partition = "Common"
key_name = "ssl-test-key"
key_content = "${file("` + folder + `/../examples/mycertocspv2.pem")}"
cert_name = "ssl-test-cert"
cert_content = "${file("` + folder + `/../examples/mycertocspv2.crt")}"
cert_monitoring_type = "ocsp"
issuer_cert = "/Common/MyCA"
cert_ocsp = "/Common/testocsp1"
}
`

func TestAccBigipSSLCertKeyCreate(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() {
Expand Down Expand Up @@ -112,3 +125,25 @@ func TestAccBigipSSLCertKeyCreateCertKeyProfile(t *testing.T) {
},
})
}

func TestAccBigipSSLCertKeyCreateCertKeyProfileOCSP(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAcctPreCheck(t)
},
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: sslProfileCertKeyOCSP,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_name", "ssl-test-key"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_name", "ssl-test-cert"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "partition", "Common"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_monitoring_type", "ocsp"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "issuer_cert", "/Common/MyCA"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_ocsp", "/Common/testocsp1"),
),
},
},
})
}
6 changes: 6 additions & 0 deletions docs/resources/bigip_ssl_certificate.md
Expand Up @@ -33,3 +33,9 @@ resource "bigip_ssl_certificate" "test-cert" {
* `content` - (Required) Content of certificate on Local Disk,path of SSL certificate will be provided to terraform `file` function

* `partition` - Partition on to SSL Certificate to be imported. The parameter is not required when running terraform import operation. In such case the name must be provided in full_path format.

* `monitoring_type` - Specifies the type of monitoring used.

* `issuer_cert` - Specifies the issuer certificate.

* `ocsp` - Specifies the OCSP responder.
5 changes: 5 additions & 0 deletions docs/resources/bigip_ssl_key_cert.md
Expand Up @@ -42,6 +42,11 @@ resource "bigip_ssl_key_cert" "testkeycert" {

* `passphrase` - (Optional,type `string`) Passphrase on the SSL key.

* `cert_monitoring_type` - (Optional,type `string`) Specifies the type of monitoring used.

* `issuer_cert` - (Optional,type `string`) Specifies the issuer certificate.

* `cert_ocsp` - (Optional,type `string`) Specifies the OCSP responder.


## Attribute Reference
