github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/tls/resource_self_signed_cert.go (about)

     1  package tls
     2  
     3  import (
     4  	"crypto/x509"
     5  	"fmt"
     6  	"net"
     7  
     8  	"github.com/hashicorp/terraform/helper/schema"
     9  )
    10  
    11  func resourceSelfSignedCert() *schema.Resource {
    12  	s := resourceCertificateCommonSchema()
    13  
    14  	s["subject"] = &schema.Schema{
    15  		Type:     schema.TypeList,
    16  		Required: true,
    17  		Elem:     nameSchema,
    18  		ForceNew: true,
    19  	}
    20  
    21  	s["dns_names"] = &schema.Schema{
    22  		Type:        schema.TypeList,
    23  		Optional:    true,
    24  		Description: "List of DNS names to use as subjects of the certificate",
    25  		ForceNew:    true,
    26  		Elem: &schema.Schema{
    27  			Type: schema.TypeString,
    28  		},
    29  	}
    30  
    31  	s["ip_addresses"] = &schema.Schema{
    32  		Type:        schema.TypeList,
    33  		Optional:    true,
    34  		Description: "List of IP addresses to use as subjects of the certificate",
    35  		ForceNew:    true,
    36  		Elem: &schema.Schema{
    37  			Type: schema.TypeString,
    38  		},
    39  	}
    40  
    41  	s["key_algorithm"] = &schema.Schema{
    42  		Type:        schema.TypeString,
    43  		Required:    true,
    44  		Description: "Name of the algorithm to use to generate the certificate's private key",
    45  		ForceNew:    true,
    46  	}
    47  
    48  	s["private_key_pem"] = &schema.Schema{
    49  		Type:        schema.TypeString,
    50  		Required:    true,
    51  		Description: "PEM-encoded private key that the certificate will belong to",
    52  		ForceNew:    true,
    53  		StateFunc: func(v interface{}) string {
    54  			return hashForState(v.(string))
    55  		},
    56  	}
    57  
    58  	return &schema.Resource{
    59  		Create: CreateSelfSignedCert,
    60  		Delete: DeleteCertificate,
    61  		Read:   ReadCertificate,
    62  		Schema: s,
    63  	}
    64  }
    65  
    66  func CreateSelfSignedCert(d *schema.ResourceData, meta interface{}) error {
    67  	key, err := parsePrivateKey(d, "private_key_pem", "key_algorithm")
    68  	if err != nil {
    69  		return err
    70  	}
    71  
    72  	subjectConfs := d.Get("subject").([]interface{})
    73  	if len(subjectConfs) != 1 {
    74  		return fmt.Errorf("must have exactly one 'subject' block")
    75  	}
    76  	subjectConf := subjectConfs[0].(map[string]interface{})
    77  	subject, err := nameFromResourceData(subjectConf)
    78  	if err != nil {
    79  		return fmt.Errorf("invalid subject block: %s", err)
    80  	}
    81  
    82  	cert := x509.Certificate{
    83  		Subject:               *subject,
    84  		BasicConstraintsValid: true,
    85  	}
    86  
    87  	dnsNamesI := d.Get("dns_names").([]interface{})
    88  	for _, nameI := range dnsNamesI {
    89  		cert.DNSNames = append(cert.DNSNames, nameI.(string))
    90  	}
    91  	ipAddressesI := d.Get("ip_addresses").([]interface{})
    92  	for _, ipStrI := range ipAddressesI {
    93  		ip := net.ParseIP(ipStrI.(string))
    94  		if ip == nil {
    95  			return fmt.Errorf("invalid IP address %#v", ipStrI.(string))
    96  		}
    97  		cert.IPAddresses = append(cert.IPAddresses, ip)
    98  	}
    99  
   100  	return createCertificate(d, &cert, &cert, publicKey(key), key)
   101  }