feat(CIS): Order Advanced Certificate (IBM-Cloud#5483)

* feat(CIS): Order Advanced Certificate * syncing go sdk version * add documentation * fix request type * incorporate review comments * improve formatting
uibm · Jul 22, 2024 · c9acb2e · c9acb2e
1 parent 5353b18
commit c9acb2e
Show file tree

Hide file tree

Showing 13 changed files with 939 additions and 42 deletions.
diff --git a/examples/ibm-cis/main.tf b/examples/ibm-cis/main.tf
@@ -777,4 +777,32 @@ resource "ibm_cis_ruleset_version_detach" "tests" {
     domain_id = data.ibm_cis_domain.cis_domain.domain_id
     ruleset_id = "<id of the ruleset>"
     version = "<ruleset version>"
+}
+
+# Order Advanced Certificate Pack
+resource "ibm_cis_advanced_certificate_pack_order" "test" {
+  cis_id    = data.ibm_cis.cis.id
+  domain_id = data.ibm_cis_domain.cis_domain.domain_id
+  hosts     = ["example.com"]
+  certificate_authority = "lets_encrypt"
+  cloudflare_branding = false
+  validation_method = "txt"
+  validity = 90
+}
+
+# Order Origin Certificate
+resource "ibm_cis_origin_certificate_order" "test" {
+  cis_id    = data.ibm_cis.cis.id
+  domain_id = data.ibm_cis_domain.cis_domain.domain_id
+  hostnames     = ["example.com"]
+  request_type = "origin-rsa"
+  requested_validity = 5475
+  csr = "-----BEGIN CERTIFICATE REQUEST-----\nMIICxzCC***TA67sdbcQ==\n-----END CERTIFICATE REQUEST-----"
+}
+
+# Get Origin Certificates
+data ibm_cis_origin_certificates "test" {
+  cis_id    = ibm_cis.instance.id
+  domain_id = ibm_cis_domain.example.id
+  certificate_id = "25392180178235735583993116186144990011711092749"
 }
diff --git a/go.mod b/go.mod
@@ -1,8 +1,8 @@
 module github.com/IBM-Cloud/terraform-provider-ibm
 
-go 1.22.2
+go 1.22.4
 
-toolchain go1.22.3
+toolchain go1.22.5
 
 require (
 	github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240216115622-a311507b4b5b
@@ -25,7 +25,7 @@ require (
 	github.com/IBM/ibm-hpcs-uko-sdk v0.0.20-beta
 	github.com/IBM/keyprotect-go-client v0.14.0
 	github.com/IBM/logs-go-sdk v0.3.0
-	github.com/IBM/networking-go-sdk v0.47.1
+	github.com/IBM/networking-go-sdk v0.48.0
 	github.com/IBM/platform-services-go-sdk v0.64.4
 	github.com/IBM/project-go-sdk v0.3.5
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5

diff --git a/go.sum b/go.sum
@@ -138,8 +138,8 @@ github.com/IBM/logs-go-sdk v0.3.0 h1:FHzTCCMyp9DvQGXgkppzcOPywC4ggt7x8xu0MR5h8xI
 github.com/IBM/logs-go-sdk v0.3.0/go.mod h1:yv/GCXC4/p+MZEeXl4xjZAOMvDAVRwu61WyHZFKFXQM=
 github.com/IBM/mqcloud-go-sdk v0.1.0 h1:fWt4uisg5GbbsfNmAxx5/6c5gQIPM+VrEsTtnimELeA=
 github.com/IBM/mqcloud-go-sdk v0.1.0/go.mod h1:LesMQlKHXvdks4jqQLZH7HfATY5lvTzHuwQU5+y7b2g=
-github.com/IBM/networking-go-sdk v0.47.1 h1:Zqqu9CrZ86jkjMyuIJtBLLOE0D7YtirxnlFyAngEfLw=
-github.com/IBM/networking-go-sdk v0.47.1/go.mod h1:yF4XStkswGgVwQVqPUk6b4YTP0dVap52q8HDYwY4gXQ=
+github.com/IBM/networking-go-sdk v0.48.0 h1:CyClGO1FhugemuCRiJvXo03Nup6JbReu7MK4vH6ITZw=
+github.com/IBM/networking-go-sdk v0.48.0/go.mod h1:G9CKbmPE8gSLjN+ABh4hIZ1bMx076enl5Eekvj6zQnA=
 github.com/IBM/platform-services-go-sdk v0.64.4 h1:4HeK1NUZPsPndRMoYHPGxA3ASpvFZPqDiw3paOsgoes=
 github.com/IBM/platform-services-go-sdk v0.64.4/go.mod h1:6rYd3stLSnotYmZlxclw45EJPaQuLmh5f7c+Mg7rOg4=
 github.com/IBM/project-go-sdk v0.3.5 h1:L+YClFUa14foS0B/hOOY9n7sIdsT5/XQicnXOyJSpyM=
@@ -920,6 +920,8 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=

diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go
@@ -302,6 +302,7 @@ func Provider() *schema.Provider {
 			"ibm_cis_waf_rules":                            cis.DataSourceIBMCISWAFRules(),
 			"ibm_cis_filters":                              cis.DataSourceIBMCISFilters(),
 			"ibm_cis_firewall_rules":                       cis.DataSourceIBMCISFirewallRules(),
+			"ibm_cis_origin_certificates":                  cis.DataSourceIBMCISOriginCertificateOrder(),
 			"ibm_cloudant":                                 cloudant.DataSourceIBMCloudant(),
 			"ibm_cloudant_database":                        cloudant.DataSourceIBMCloudantDatabase(),
 			"ibm_database":                                 database.DataSourceIBMDatabaseInstance(),
@@ -999,43 +1000,45 @@ func Provider() *schema.Provider {
 			"ibm_function_trigger":   functions.ResourceIBMFunctionTrigger(),
 			"ibm_function_namespace": functions.ResourceIBMFunctionNamespace(),
 
-			"ibm_cis":                            cis.ResourceIBMCISInstance(),
-			"ibm_database":                       database.ResourceIBMDatabaseInstance(),
-			"ibm_cis_domain":                     cis.ResourceIBMCISDomain(),
-			"ibm_cis_domain_settings":            cis.ResourceIBMCISSettings(),
-			"ibm_cis_firewall":                   cis.ResourceIBMCISFirewallRecord(),
-			"ibm_cis_range_app":                  cis.ResourceIBMCISRangeApp(),
-			"ibm_cis_healthcheck":                cis.ResourceIBMCISHealthCheck(),
-			"ibm_cis_origin_pool":                cis.ResourceIBMCISPool(),
-			"ibm_cis_global_load_balancer":       cis.ResourceIBMCISGlb(),
-			"ibm_cis_certificate_upload":         cis.ResourceIBMCISCertificateUpload(),
-			"ibm_cis_dns_record":                 cis.ResourceIBMCISDnsRecord(),
-			"ibm_cis_dns_records_import":         cis.ResourceIBMCISDNSRecordsImport(),
-			"ibm_cis_rate_limit":                 cis.ResourceIBMCISRateLimit(),
-			"ibm_cis_page_rule":                  cis.ResourceIBMCISPageRule(),
-			"ibm_cis_edge_functions_action":      cis.ResourceIBMCISEdgeFunctionsAction(),
-			"ibm_cis_edge_functions_trigger":     cis.ResourceIBMCISEdgeFunctionsTrigger(),
-			"ibm_cis_tls_settings":               cis.ResourceIBMCISTLSSettings(),
-			"ibm_cis_waf_package":                cis.ResourceIBMCISWAFPackage(),
-			"ibm_cis_webhook":                    cis.ResourceIBMCISWebhooks(),
-			"ibm_cis_origin_auth":                cis.ResourceIBMCISOriginAuthPull(),
-			"ibm_cis_mtls":                       cis.ResourceIBMCISMtls(),
-			"ibm_cis_mtls_app":                   cis.ResourceIBMCISMtlsApp(),
-			"ibm_cis_bot_management":             cis.ResourceIBMCISBotManagement(),
-			"ibm_cis_logpush_job":                cis.ResourceIBMCISLogPushJob(),
-			"ibm_cis_alert":                      cis.ResourceIBMCISAlert(),
-			"ibm_cis_routing":                    cis.ResourceIBMCISRouting(),
-			"ibm_cis_waf_group":                  cis.ResourceIBMCISWAFGroup(),
-			"ibm_cis_cache_settings":             cis.ResourceIBMCISCacheSettings(),
-			"ibm_cis_custom_page":                cis.ResourceIBMCISCustomPage(),
-			"ibm_cis_waf_rule":                   cis.ResourceIBMCISWAFRule(),
-			"ibm_cis_certificate_order":          cis.ResourceIBMCISCertificateOrder(),
-			"ibm_cis_filter":                     cis.ResourceIBMCISFilter(),
-			"ibm_cis_firewall_rule":              cis.ResourceIBMCISFirewallrules(),
-			"ibm_cis_ruleset":                    cis.ResourceIBMCISRuleset(),
-			"ibm_cis_ruleset_version_detach":     cis.ResourceIBMCISRulesetVersionDetach(),
-			"ibm_cis_ruleset_rule":               cis.ResourceIBMCISRulesetRule(),
-			"ibm_cis_ruleset_entrypoint_version": cis.ResourceIBMCISRulesetEntryPointVersion(),
+			"ibm_cis":                                 cis.ResourceIBMCISInstance(),
+			"ibm_database":                            database.ResourceIBMDatabaseInstance(),
+			"ibm_cis_domain":                          cis.ResourceIBMCISDomain(),
+			"ibm_cis_domain_settings":                 cis.ResourceIBMCISSettings(),
+			"ibm_cis_firewall":                        cis.ResourceIBMCISFirewallRecord(),
+			"ibm_cis_range_app":                       cis.ResourceIBMCISRangeApp(),
+			"ibm_cis_healthcheck":                     cis.ResourceIBMCISHealthCheck(),
+			"ibm_cis_origin_pool":                     cis.ResourceIBMCISPool(),
+			"ibm_cis_global_load_balancer":            cis.ResourceIBMCISGlb(),
+			"ibm_cis_certificate_upload":              cis.ResourceIBMCISCertificateUpload(),
+			"ibm_cis_dns_record":                      cis.ResourceIBMCISDnsRecord(),
+			"ibm_cis_dns_records_import":              cis.ResourceIBMCISDNSRecordsImport(),
+			"ibm_cis_rate_limit":                      cis.ResourceIBMCISRateLimit(),
+			"ibm_cis_page_rule":                       cis.ResourceIBMCISPageRule(),
+			"ibm_cis_edge_functions_action":           cis.ResourceIBMCISEdgeFunctionsAction(),
+			"ibm_cis_edge_functions_trigger":          cis.ResourceIBMCISEdgeFunctionsTrigger(),
+			"ibm_cis_tls_settings":                    cis.ResourceIBMCISTLSSettings(),
+			"ibm_cis_waf_package":                     cis.ResourceIBMCISWAFPackage(),
+			"ibm_cis_webhook":                         cis.ResourceIBMCISWebhooks(),
+			"ibm_cis_origin_auth":                     cis.ResourceIBMCISOriginAuthPull(),
+			"ibm_cis_mtls":                            cis.ResourceIBMCISMtls(),
+			"ibm_cis_mtls_app":                        cis.ResourceIBMCISMtlsApp(),
+			"ibm_cis_bot_management":                  cis.ResourceIBMCISBotManagement(),
+			"ibm_cis_logpush_job":                     cis.ResourceIBMCISLogPushJob(),
+			"ibm_cis_alert":                           cis.ResourceIBMCISAlert(),
+			"ibm_cis_routing":                         cis.ResourceIBMCISRouting(),
+			"ibm_cis_waf_group":                       cis.ResourceIBMCISWAFGroup(),
+			"ibm_cis_cache_settings":                  cis.ResourceIBMCISCacheSettings(),
+			"ibm_cis_custom_page":                     cis.ResourceIBMCISCustomPage(),
+			"ibm_cis_waf_rule":                        cis.ResourceIBMCISWAFRule(),
+			"ibm_cis_certificate_order":               cis.ResourceIBMCISCertificateOrder(),
+			"ibm_cis_filter":                          cis.ResourceIBMCISFilter(),
+			"ibm_cis_firewall_rule":                   cis.ResourceIBMCISFirewallrules(),
+			"ibm_cis_ruleset":                         cis.ResourceIBMCISRuleset(),
+			"ibm_cis_ruleset_version_detach":          cis.ResourceIBMCISRulesetVersionDetach(),
+			"ibm_cis_ruleset_rule":                    cis.ResourceIBMCISRulesetRule(),
+			"ibm_cis_ruleset_entrypoint_version":      cis.ResourceIBMCISRulesetEntryPointVersion(),
+			"ibm_cis_advanced_certificate_pack_order": cis.ResourceIBMCISAdvancedCertificatePackOrder(),
+			"ibm_cis_origin_certificate_order":        cis.ResourceIBMCISOriginCertificateOrder(),
 
 			"ibm_cloudant":                                 cloudant.ResourceIBMCloudant(),
 			"ibm_cloudant_database":                        cloudant.ResourceIBMCloudantDatabase(),
@@ -1737,6 +1740,8 @@ func Validator() validate.ValidatorDict {
 				"ibm_cis_ruleset_entrypoint_version":           cis.ResourceIBMCISRulesetEntryPointVersionValidator(),
 				"ibm_cis_ruleset_rule":                         cis.ResourceIBMCISRulesetRuleValidator(),
 				"ibm_cis_ruleset_version_detach":               cis.ResourceIBMCISRulesetVersionDetachValidator(),
+				"ibm_cis_advanced_certificate_pack_order":      cis.ResourceIBMCISAdvancedCertificatePackOrderValidator(),
+				"ibm_cis_origin_certificate_order":             cis.ResourceIBMCISOriginCertificateOrderValidator(),
 				"ibm_container_cluster":                        kubernetes.ResourceIBMContainerClusterValidator(),
 				"ibm_container_worker_pool":                    kubernetes.ResourceIBMContainerWorkerPoolValidator(),
 				"ibm_container_vpc_worker_pool":                kubernetes.ResourceIBMContainerVPCWorkerPoolValidator(),
@@ -2026,6 +2031,7 @@ func Validator() validate.ValidatorDict {
 				"ibm_cis_waf_packages":                cis.DataSourceIBMCISWAFPackagesValidator(),
 				"ibm_cis_waf_rules":                   cis.DataSourceIBMCISWAFRulesValidator(),
 				"ibm_cis_logpush_jobs":                cis.DataSourceIBMCISLogPushJobsValidator(),
+				"ibm_cis_origin_certificates":         cis.DataIBMCISOriginCertificateOrderValidator(),
 
 				"ibm_cos_bucket": cos.DataSourceIBMCosBucketValidator(),
 

diff --git a/ibm/service/cis/data_source_ibm_cis_origin_certificate_order.go b/ibm/service/cis/data_source_ibm_cis_origin_certificate_order.go
@@ -0,0 +1,197 @@
+// Copyright IBM Corp. 2017, 2021, 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package cis
+
+import (
+	"log"
+	"reflect"
+	"time"
+
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate"
+	"github.com/IBM/go-sdk-core/v5/core"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DataSourceIBMCISOriginCertificateOrder() *schema.Resource {
+	return &schema.Resource{
+		Read:     DataIBMCISOriginCertificateRead,
+		Importer: &schema.ResourceImporter{},
+		Schema: map[string]*schema.Schema{
+			cisID: {
+				Type:        schema.TypeString,
+				Description: "CIS object ID or CRN",
+				Required:    true,
+				ValidateFunc: validate.InvokeValidator(ibmCISOriginCertificateOrder,
+					"cis_id"),
+			},
+			cisDomainID: {
+				Type:             schema.TypeString,
+				Description:      "Associated CIS domain",
+				Required:         true,
+				DiffSuppressFunc: suppressDomainIDDiff,
+			},
+			cisOriginCertificateID: {
+				Type:        schema.TypeString,
+				Description: "Certificate ID",
+				Optional:    true,
+			},
+			cisOriginCertificateList: {
+				Type:        schema.TypeList,
+				Description: "List of certificate",
+				Computed:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						cisOriginCertificateID: {
+							Type:        schema.TypeString,
+							Description: "Certificate ID",
+							Computed:    true,
+						},
+						cisOriginCertificateType: {
+							Type:        schema.TypeString,
+							Description: "Certificate type",
+							Computed:    true,
+						},
+						cisOriginCertificateHosts: {
+							Type:        schema.TypeList,
+							Description: "Hosts for which certificates need to be ordered",
+							Computed:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+						},
+						cisOriginCertificateValidityDays: {
+							Type:        schema.TypeInt,
+							Description: "Validity days",
+							Computed:    true,
+						},
+						cisOriginCertificateCSR: {
+							Type:        schema.TypeString,
+							Description: "CSR",
+							Computed:    true,
+						},
+						cisOriginCertificatePrivateKey: {
+							Type:        schema.TypeString,
+							Description: "Certificate private key",
+							Computed:    true,
+						},
+						cisOriginCertificate: {
+							Type:        schema.TypeString,
+							Description: "Certificate",
+							Computed:    true,
+						},
+						cisOriginCertificateExpiresOn: {
+							Type:        schema.TypeString,
+							Description: "Expiration date of the certificate",
+							Computed:    true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func DataIBMCISOriginCertificateOrderValidator() *validate.ResourceValidator {
+	validateSchema := make([]validate.ValidateSchema, 0)
+	validateSchema = append(validateSchema,
+		validate.ValidateSchema{
+			Identifier:                 "cis_id",
+			ValidateFunctionIdentifier: validate.ValidateCloudData,
+			Type:                       validate.TypeString,
+			CloudDataType:              "data_instance",
+			CloudDataRange:             []string{"service:internet-svcs"},
+			Required:                   true})
+
+	cisOriginCertificateOrderValidator := validate.ResourceValidator{
+		ResourceName: ibmCISOriginCertificateOrder,
+		Schema:       validateSchema}
+	return &cisOriginCertificateOrderValidator
+}
+
+func DataIBMCISOriginCertificateRead(d *schema.ResourceData, meta interface{}) error {
+
+	cisClient, err := meta.(conns.ClientSession).CisSSLClientSession()
+	if err != nil {
+		return err
+	}
+
+	crn := d.Get(cisID).(string)
+	zoneID := d.Get(cisDomainID).(string)
+	cert_id := d.Get(cisOriginCertificateID).(string)
+
+	cisClient.Crn = core.StringPtr(crn)
+	cisClient.ZoneIdentifier = core.StringPtr(zoneID)
+
+	originCertList := make([]map[string]interface{}, 0)
+
+	if cert_id != "" {
+
+		opt := cisClient.NewGetOriginCertificateOptions(crn, zoneID, cert_id)
+		result, resp, err := cisClient.GetOriginCertificate(opt)
+		if err != nil {
+			log.Printf("Get Certificate read failed: %v", resp)
+			return err
+		}
+
+		certOutput := map[string]interface{}{}
+		certOutput[cisOriginCertificateID] = *result.Result.ID
+		if !reflect.ValueOf(result.Result.RequestType).IsNil() {
+			certOutput[cisOriginCertificateType] = *result.Result.RequestType
+		}
+		certOutput[cisOriginCertificateHosts] = flex.FlattenStringList(result.Result.Hostnames)
+		if !reflect.ValueOf(result.Result.RequestedValidity).IsNil() {
+			certOutput[cisOriginCertificateValidityDays] = *result.Result.RequestedValidity
+		}
+		if !reflect.ValueOf(result.Result.Csr).IsNil() {
+			certOutput[cisOriginCertificateCSR] = *result.Result.Csr
+		}
+		if !reflect.ValueOf(result.Result.PrivateKey).IsNil() {
+			certOutput[cisOriginCertificatePrivateKey] = *result.Result.PrivateKey
+		}
+		certOutput[cisOriginCertificate] = *result.Result.Certificate
+		certOutput[cisOriginCertificateExpiresOn] = *result.Result.ExpiresOn
+
+		originCertList = append(originCertList, certOutput)
+
+	} else {
+		opt := cisClient.NewListOriginCertificatesOptions(crn, zoneID)
+		result, resp, err := cisClient.ListOriginCertificates(opt)
+		if err != nil {
+			log.Printf("List Certificate read failed: %v", resp)
+			return err
+		}
+		for _, certObj := range result.Result {
+			certOutput := map[string]interface{}{}
+			certOutput[cisOriginCertificateID] = *certObj.ID
+			if !reflect.ValueOf(certObj.RequestType).IsNil() {
+				certOutput[cisOriginCertificateType] = *certObj.RequestType
+			}
+			certOutput[cisOriginCertificateHosts] = flex.FlattenStringList(certObj.Hostnames)
+			if !reflect.ValueOf(certObj.RequestedValidity).IsNil() {
+				certOutput[cisOriginCertificateValidityDays] = *certObj.RequestedValidity
+			}
+			if !reflect.ValueOf(certObj.Csr).IsNil() {
+				certOutput[cisOriginCertificateCSR] = *certObj.Csr
+			}
+			if !reflect.ValueOf(certObj.PrivateKey).IsNil() {
+				certOutput[cisOriginCertificatePrivateKey] = *certObj.PrivateKey
+			}
+			certOutput[cisOriginCertificate] = *certObj.Certificate
+			certOutput[cisOriginCertificateExpiresOn] = *certObj.ExpiresOn
+
+			originCertList = append(originCertList, certOutput)
+		}
+	}
+
+	d.SetId(dataSourceIBMCISOriginCertificatesID())
+	d.Set(cisID, crn)
+	d.Set(cisDomainID, zoneID)
+	d.Set(cisOriginCertificateList, originCertList)
+
+	return nil
+}
+
+func dataSourceIBMCISOriginCertificatesID() string {
+	return time.Now().UTC().String()
+}