github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/tls/data_source_cert_request.go

github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/tls/data_source_cert_request.go (about)

     1  package tls
     2  
     3  import (
     4  	"crypto/rand"
     5  	"crypto/x509"
     6  	"encoding/pem"
     7  	"fmt"
     8  	"net"
     9  
    10  	"github.com/hashicorp/terraform/helper/schema"
    11  )
    12  
    13  const pemCertReqType = "CERTIFICATE REQUEST"
    14  
    15  func dataSourceCertRequest() *schema.Resource {
    16  	return &schema.Resource{
    17  		Read: ReadCertRequest,
    18  
    19  		Schema: map[string]*schema.Schema{
    20  
    21  			"dns_names": &schema.Schema{
    22  				Type:        schema.TypeList,
    23  				Optional:    true,
    24  				Description: "List of DNS names to use as subjects of the certificate",
    25  				Elem: &schema.Schema{
    26  					Type: schema.TypeString,
    27  				},
    28  			},
    29  
    30  			"ip_addresses": &schema.Schema{
    31  				Type:        schema.TypeList,
    32  				Optional:    true,
    33  				Description: "List of IP addresses to use as subjects of the certificate",
    34  				Elem: &schema.Schema{
    35  					Type: schema.TypeString,
    36  				},
    37  			},
    38  
    39  			"key_algorithm": &schema.Schema{
    40  				Type:        schema.TypeString,
    41  				Required:    true,
    42  				Description: "Name of the algorithm to use to generate the certificate's private key",
    43  			},
    44  
    45  			"private_key_pem": &schema.Schema{
    46  				Type:        schema.TypeString,
    47  				Required:    true,
    48  				Description: "PEM-encoded private key that the certificate will belong to",
    49  				StateFunc: func(v interface{}) string {
    50  					return hashForState(v.(string))
    51  				},
    52  			},
    53  
    54  			"subject": &schema.Schema{
    55  				Type:     schema.TypeList,
    56  				Required: true,
    57  				Elem:     nameSchema,
    58  			},
    59  
    60  			"cert_request_pem": &schema.Schema{
    61  				Type:     schema.TypeString,
    62  				Computed: true,
    63  			},
    64  		},
    65  	}
    66  }
    67  
    68  func ReadCertRequest(d *schema.ResourceData, meta interface{}) error {
    69  	key, err := parsePrivateKey(d, "private_key_pem", "key_algorithm")
    70  	if err != nil {
    71  		return err
    72  	}
    73  
    74  	subjectConfs := d.Get("subject").([]interface{})
    75  	if len(subjectConfs) != 1 {
    76  		return fmt.Errorf("must have exactly one 'subject' block")
    77  	}
    78  	subjectConf := subjectConfs[0].(map[string]interface{})
    79  	subject, err := nameFromResourceData(subjectConf)
    80  	if err != nil {
    81  		return fmt.Errorf("invalid subject block: %s", err)
    82  	}
    83  
    84  	certReq := x509.CertificateRequest{
    85  		Subject: *subject,
    86  	}
    87  
    88  	dnsNamesI := d.Get("dns_names").([]interface{})
    89  	for _, nameI := range dnsNamesI {
    90  		certReq.DNSNames = append(certReq.DNSNames, nameI.(string))
    91  	}
    92  	ipAddressesI := d.Get("ip_addresses").([]interface{})
    93  	for _, ipStrI := range ipAddressesI {
    94  		ip := net.ParseIP(ipStrI.(string))
    95  		if ip == nil {
    96  			return fmt.Errorf("invalid IP address %#v", ipStrI.(string))
    97  		}
    98  		certReq.IPAddresses = append(certReq.IPAddresses, ip)
    99  	}
   100  
   101  	certReqBytes, err := x509.CreateCertificateRequest(rand.Reader, &certReq, key)
   102  	if err != nil {
   103  		return fmt.Errorf("Error creating certificate request: %s", err)
   104  	}
   105  	certReqPem := string(pem.EncodeToMemory(&pem.Block{Type: pemCertReqType, Bytes: certReqBytes}))
   106  
   107  	d.SetId(hashForState(string(certReqBytes)))
   108  	d.Set("cert_request_pem", certReqPem)
   109  
   110  	return nil
   111  }