github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/tls/resource_locally_signed_cert.go (about)

     1  package tls
     2  
import (
	"crypto/x509"
	"fmt"

	"github.com/hashicorp/terraform/helper/schema"
)
     8  
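// resourceLocallySignedCert returns the schema.Resource for a certificate that
// is signed with a CA private key and CA certificate supplied in the
// configuration. It starts from resourceCertificateCommonSchema and adds the
// certificate request and CA inputs. Every added field is ForceNew, so changing
// any of them replaces the resource.
func resourceLocallySignedCert() *schema.Resource {
	s := resourceCertificateCommonSchema()

	// PEM inputs are passed through hashForState before being recorded in
	// state, so state holds that helper's output rather than the PEM text.
	// The v.(string) assertion relies on these fields being TypeString.
	pemStateFunc := func(v interface{}) string {
		return hashForState(v.(string))
	}

	s["cert_request_pem"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "PEM-encoded certificate request",
		ForceNew:    true,
		StateFunc:   pemStateFunc,
	}

	// The algorithm is paired with ca_private_key_pem when the key is parsed
	// in CreateLocallySignedCert, so it describes the CA key, not the key of
	// the certificate being issued.
	s["ca_key_algorithm"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "Name of the algorithm used to generate the CA's private key",
		ForceNew:    true,
	}

	// Sensitive keeps the CA private key out of plan and log output. This is
	// in addition to the StateFunc, which only affects what lands in state;
	// the key still has to be protected wherever the configuration reads it
	// from.
	s["ca_private_key_pem"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "PEM-encoded CA private key used to sign the certificate",
		ForceNew:    true,
		Sensitive:   true,
		StateFunc:   pemStateFunc,
	}

	s["ca_cert_pem"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "PEM-encoded CA certificate",
		ForceNew:    true,
		StateFunc:   pemStateFunc,
	}

	return &schema.Resource{
		Create: CreateLocallySignedCert,
		Delete: DeleteCertificate,
		Read:   ReadCertificate,
		Schema: s,
	}
}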
    56  
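// CreateLocallySignedCert is the Create handler for the locally signed
// certificate resource. It parses the certificate request, the CA private key
// and the CA certificate from the resource data, builds a certificate template
// from the request, and passes everything to createCertificate for signing.
//
// It returns the first error from parsing any input, from verifying the
// request's signature, or from createCertificate.
func CreateLocallySignedCert(d *schema.ResourceData, meta interface{}) error {
	certReq, err := parseCertificateRequest(d, "cert_request_pem")
	if err != nil {
		return err
	}
	// A CA should only certify a public key whose holder has proven
	// possession of the matching private key, which is what the request's
	// self-signature provides. Reject requests whose signature does not
	// verify instead of signing whatever public key they carry.
	// NOTE(review): assumes parseCertificateRequest returns a
	// *x509.CertificateRequest and does not already check the signature —
	// confirm against the helper.
	if err := certReq.CheckSignature(); err != nil {
		return fmt.Errorf("verifying signature of cert_request_pem: %s", err)
	}

	caKey, err := parsePrivateKey(d, "ca_private_key_pem", "ca_key_algorithm")
	if err != nil {
		return err
	}
	caCert, err := parseCertificate(d, "ca_cert_pem")
	if err != nil {
		return err
	}

	// Only the subject and the DNS/IP subject alternative names are taken
	// from the request; no other request field is copied into the template
	// here, so the requester cannot set certificate properties through it.
	// Whatever else the issued certificate carries is decided by
	// createCertificate, which is defined elsewhere.
	cert := x509.Certificate{
		Subject:               certReq.Subject,
		DNSNames:              certReq.DNSNames,
		IPAddresses:           certReq.IPAddresses,
		BasicConstraintsValid: true,
	}

	return createCertificate(d, &cert, caCert, certReq.PublicKey, caKey)
}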