github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/rancher/resource_rancher_certificate.go (about) 1 package rancher 2 3 import ( 4 "fmt" 5 "log" 6 "time" 7 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/helper/schema" 10 rancher "github.com/rancher/go-rancher/client" 11 ) 12 13 func resourceRancherCertificate() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceRancherCertificateCreate, 16 Read: resourceRancherCertificateRead, 17 Update: resourceRancherCertificateUpdate, 18 Delete: resourceRancherCertificateDelete, 19 Importer: &schema.ResourceImporter{ 20 State: resourceRancherCertificateImport, 21 }, 22 23 Schema: map[string]*schema.Schema{ 24 "id": &schema.Schema{ 25 Type: schema.TypeString, 26 Computed: true, 27 }, 28 "name": &schema.Schema{ 29 Type: schema.TypeString, 30 Required: true, 31 }, 32 "description": &schema.Schema{ 33 Type: schema.TypeString, 34 Optional: true, 35 }, 36 "environment_id": &schema.Schema{ 37 Type: schema.TypeString, 38 Required: true, 39 }, 40 "cert": &schema.Schema{ 41 Type: schema.TypeString, 42 Required: true, 43 }, 44 "cert_chain": &schema.Schema{ 45 Type: schema.TypeString, 46 Optional: true, 47 }, 48 "key": &schema.Schema{ 49 Type: schema.TypeString, 50 Required: true, 51 }, 52 "cn": &schema.Schema{ 53 Type: schema.TypeString, 54 Computed: true, 55 }, 56 "algorithm": &schema.Schema{ 57 Type: schema.TypeString, 58 Computed: true, 59 }, 60 "cert_fingerprint": &schema.Schema{ 61 Type: schema.TypeString, 62 Computed: true, 63 }, 64 "expires_at": &schema.Schema{ 65 Type: schema.TypeString, 66 Computed: true, 67 }, 68 "issued_at": &schema.Schema{ 69 Type: schema.TypeString, 70 Computed: true, 71 }, 72 "issuer": &schema.Schema{ 73 Type: schema.TypeString, 74 Computed: true, 75 }, 76 "key_size": &schema.Schema{ 77 Type: schema.TypeString, 78 Computed: true, 79 }, 80 "serial_number": &schema.Schema{ 81 Type: schema.TypeString, 82 Computed: true, 83 }, 84 "subject_alternative_names": &schema.Schema{ 85 Type: schema.TypeSet, 86 Elem: &schema.Schema{Type: schema.TypeString}, 87 Computed: true, 88 }, 89 "version": &schema.Schema{ 90 Type: schema.TypeString, 91 Computed: true, 92 }, 93 }, 94 } 95 } 96 97 func resourceRancherCertificateCreate(d *schema.ResourceData, meta interface{}) error { 98 log.Printf("[INFO][rancher] Creating Certificate: %s", d.Id()) 99 client, err := meta.(*Config).EnvironmentClient(d.Get("environment_id").(string)) 100 if err != nil { 101 return err 102 } 103 104 name := d.Get("name").(string) 105 description := d.Get("description").(string) 106 cert := d.Get("cert").(string) 107 certChain := d.Get("cert_chain").(string) 108 key := d.Get("key").(string) 109 110 certificate := rancher.Certificate{ 111 Name: name, 112 Description: description, 113 Cert: cert, 114 CertChain: certChain, 115 Key: key, 116 } 117 newCertificate, err := client.Certificate.Create(&certificate) 118 if err != nil { 119 return err 120 } 121 122 stateConf := &resource.StateChangeConf{ 123 Pending: []string{"active", "removed", "removing"}, 124 Target: []string{"active"}, 125 Refresh: CertificateStateRefreshFunc(client, newCertificate.Id), 126 Timeout: 10 * time.Minute, 127 Delay: 1 * time.Second, 128 MinTimeout: 3 * time.Second, 129 } 130 _, waitErr := stateConf.WaitForState() 131 if waitErr != nil { 132 return fmt.Errorf( 133 "Error waiting for registry credential (%s) to be created: %s", newCertificate.Id, waitErr) 134 } 135 136 d.SetId(newCertificate.Id) 137 log.Printf("[INFO] Certificate ID: %s", d.Id()) 138 139 return resourceRancherCertificateUpdate(d, meta) 140 } 141 142 func resourceRancherCertificateRead(d *schema.ResourceData, meta interface{}) error { 143 log.Printf("[INFO] Refreshing Certificate: %s", d.Id()) 144 client, err := meta.(*Config).EnvironmentClient(d.Get("environment_id").(string)) 145 if err != nil { 146 return err 147 } 148 149 certificate, err := client.Certificate.ById(d.Id()) 150 if err != nil { 151 return err 152 } 153 154 log.Printf("[INFO] Certificate Name: %s", certificate.Name) 155 156 d.Set("description", certificate.Description) 157 d.Set("name", certificate.Name) 158 159 // Computed values 160 d.Set("cn", certificate.CN) 161 d.Set("algorithm", certificate.Algorithm) 162 d.Set("cert_fingerprint", certificate.CertFingerprint) 163 d.Set("expires_at", certificate.ExpiresAt) 164 d.Set("issued_at", certificate.IssuedAt) 165 d.Set("issuer", certificate.Issuer) 166 d.Set("key_size", certificate.KeySize) 167 d.Set("serial_number", certificate.SerialNumber) 168 d.Set("subject_alternative_names", certificate.SubjectAlternativeNames) 169 d.Set("version", certificate.Version) 170 171 return nil 172 } 173 174 func resourceRancherCertificateUpdate(d *schema.ResourceData, meta interface{}) error { 175 log.Printf("[INFO] Updating Certificate: %s", d.Id()) 176 client, err := meta.(*Config).EnvironmentClient(d.Get("environment_id").(string)) 177 if err != nil { 178 return err 179 } 180 181 certificate, err := client.Certificate.ById(d.Id()) 182 if err != nil { 183 return err 184 } 185 186 name := d.Get("name").(string) 187 description := d.Get("description").(string) 188 cert := d.Get("cert").(string) 189 certChain := d.Get("cert_chain").(string) 190 key := d.Get("key").(string) 191 192 data := map[string]interface{}{ 193 "name": &name, 194 "description": &description, 195 "cert": &cert, 196 "cert_chain": &certChain, 197 "key": &key, 198 } 199 200 var newCertificate rancher.Certificate 201 if err := client.Update("certificate", &certificate.Resource, data, &newCertificate); err != nil { 202 return err 203 } 204 205 return resourceRancherCertificateRead(d, meta) 206 } 207 208 func resourceRancherCertificateDelete(d *schema.ResourceData, meta interface{}) error { 209 log.Printf("[INFO] Deleting Certificate: %s", d.Id()) 210 id := d.Id() 211 client, err := meta.(*Config).EnvironmentClient(d.Get("environment_id").(string)) 212 if err != nil { 213 return err 214 } 215 216 certificate, err := client.Certificate.ById(id) 217 if err != nil { 218 return err 219 } 220 221 if err := client.Certificate.Delete(certificate); err != nil { 222 return fmt.Errorf("Error deleting Certificate: %s", err) 223 } 224 225 log.Printf("[DEBUG] Waiting for certificate (%s) to be removed", id) 226 227 stateConf := &resource.StateChangeConf{ 228 Pending: []string{"active", "removed", "removing"}, 229 Target: []string{"removed"}, 230 Refresh: CertificateStateRefreshFunc(client, id), 231 Timeout: 10 * time.Minute, 232 Delay: 1 * time.Second, 233 MinTimeout: 3 * time.Second, 234 } 235 236 _, waitErr := stateConf.WaitForState() 237 if waitErr != nil { 238 return fmt.Errorf( 239 "Error waiting for certificate (%s) to be removed: %s", id, waitErr) 240 } 241 242 d.SetId("") 243 return nil 244 } 245 246 func resourceRancherCertificateImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { 247 envID, resourceID := splitID(d.Id()) 248 d.SetId(resourceID) 249 if envID != "" { 250 d.Set("environment_id", envID) 251 } else { 252 client, err := meta.(*Config).GlobalClient() 253 if err != nil { 254 return []*schema.ResourceData{}, err 255 } 256 stack, err := client.Environment.ById(d.Id()) 257 if err != nil { 258 return []*schema.ResourceData{}, err 259 } 260 d.Set("environment_id", stack.AccountId) 261 } 262 return []*schema.ResourceData{d}, nil 263 } 264 265 // CertificateStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch 266 // a Rancher Certificate. 267 func CertificateStateRefreshFunc(client *rancher.RancherClient, certificateID string) resource.StateRefreshFunc { 268 return func() (interface{}, string, error) { 269 cert, err := client.Certificate.ById(certificateID) 270 271 if err != nil { 272 return nil, "", err 273 } 274 275 return cert, cert.State, nil 276 } 277 }