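// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/tls/resource_locally_signed_cert.go

package tls

import (
	"crypto/x509"
	"fmt"

	"github.com/hashicorp/terraform/helper/schema"
)

// resourceLocallySignedCert returns the schema.Resource for a certificate
// signed by a CA whose certificate and private key are supplied as PEM in the
// configuration. It extends resourceCertificateCommonSchema with the CSR and
// CA inputs. Every input added here is ForceNew and the resource defines no
// Update function, so changing any of them replaces the certificate.
func resourceLocallySignedCert() *schema.Resource {
	s := resourceCertificateCommonSchema()

	// StateFunc shared by the PEM inputs: state records hashForState(value)
	// in place of the configured string.
	// NOTE(review): hashForState is defined elsewhere in the package; confirm
	// it is a one-way digest, since ca_private_key_pem relies on it to keep
	// the raw CA key out of the state file.
	hashPEM := func(v interface{}) string {
		return hashForState(v.(string))
	}

	s["cert_request_pem"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "PEM-encoded certificate request",
		ForceNew:    true,
		StateFunc:   hashPEM,
	}

	// Read together with ca_private_key_pem by parsePrivateKey in
	// CreateLocallySignedCert, so it names the algorithm of the CA key, not
	// of the key belonging to the certificate being issued.
	s["ca_key_algorithm"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "Name of the algorithm used to generate the certificate's private key",
		ForceNew:    true,
	}

	s["ca_private_key_pem"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "PEM-encoded CA private key used to sign the certificate",
		ForceNew:    true,
		StateFunc:   hashPEM,
	}

	s["ca_cert_pem"] = &schema.Schema{
		Type:        schema.TypeString,
		Required:    true,
		Description: "PEM-encoded CA certificate",
		ForceNew:    true,
		StateFunc:   hashPEM,
	}

	return &schema.Resource{
		Create: CreateLocallySignedCert,
		Delete: DeleteCertificate,
		Read:   ReadCertificate,
		Schema: s,
	}
}

// CreateLocallySignedCert is the Create function of the locally signed
// certificate resource. It parses the certificate request, the CA private key
// and the CA certificate from the resource data, verifies the request's
// self-signature, and hands a template built from the request to
// createCertificate for signing with the CA key.
//
// It returns the first parse or verification error, or whatever
// createCertificate returns. meta is not used.
func CreateLocallySignedCert(d *schema.ResourceData, meta interface{}) error {
	certReq, err := parseCertificateRequest(d, "cert_request_pem")
	if err != nil {
		return err
	}
	// The CSR's self-signature is what binds the requested subject and names
	// to the public key being certified (proof of possession). Refuse to
	// issue for a request that was altered or was not signed by that key.
	// Assumes certReq is an *x509.CertificateRequest, which the fields used
	// below match.
	if err := certReq.CheckSignature(); err != nil {
		return fmt.Errorf("invalid certificate request signature: %s", err)
	}

	caKey, err := parsePrivateKey(d, "ca_private_key_pem", "ca_key_algorithm")
	if err != nil {
		return err
	}
	caCert, err := parseCertificate(d, "ca_cert_pem")
	if err != nil {
		return err
	}
	// NOTE(review): nothing in this function checks that caKey belongs to
	// caCert or that caCert is marked as a CA; confirm whether
	// createCertificate or crypto/x509 enforces either.

	// Only the subject and the DNS/IP subject alternative names are taken
	// from the request; nothing else in the CSR (such as requested
	// extensions) is copied into the template. IsCA keeps its zero value
	// here.
	// NOTE(review): createCertificate is defined elsewhere and may fill in
	// further template fields (validity, key usages, CA flag) — confirm there.
	cert := x509.Certificate{
		Subject:               certReq.Subject,
		DNSNames:              certReq.DNSNames,
		IPAddresses:           certReq.IPAddresses,
		BasicConstraintsValid: true,
	}

	return createCertificate(d, &cert, caCert, certReq.PublicKey, caKey)
}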