// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** Type: MMv1 ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Magic Modules and manual
// changes will be clobbered when the file is regenerated.
//
// Please read more about how to change this file in
// .github/CONTRIBUTING.md.
//
// ----------------------------------------------------------------------------
package certificatemanager
import (
"context"
"fmt"
"log"
"net/http"
"reflect"
"strings"
"time"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
)
// certManagerDefaultScopeDiffSuppress reports whether a change to the scope
// field is only a switch between the empty string and the literal "DEFAULT",
// in either direction. Every other pair of values is a real diff.
func certManagerDefaultScopeDiffSuppress(_, old, new string, diff *schema.ResourceData) bool {
	switch {
	case old == "" && new == "DEFAULT":
		return true
	case old == "DEFAULT" && new == "":
		return true
	default:
		return false
	}
}
// ResourceCertificateManagerCertificate returns the Terraform resource
// definition for a Certificate Manager certificate: the CRUD and import
// handlers, 20 minute default timeouts, the V0 state upgrader, and the
// attribute schema. Exactly one of the "managed" and "self_managed" blocks
// must be configured (ExactlyOneOf below).
func ResourceCertificateManagerCertificate() *schema.Resource {
	return &schema.Resource{
		Create: resourceCertificateManagerCertificateCreate,
		Read: resourceCertificateManagerCertificateRead,
		Update: resourceCertificateManagerCertificateUpdate,
		Delete: resourceCertificateManagerCertificateDelete,
		Importer: &schema.ResourceImporter{
			State: resourceCertificateManagerCertificateImport,
		},
		Timeouts: &schema.ResourceTimeout{
			Create: schema.DefaultTimeout(20 * time.Minute),
			Update: schema.DefaultTimeout(20 * time.Minute),
			Delete: schema.DefaultTimeout(20 * time.Minute),
		},
		// State written with schema version 0 is migrated by
		// ResourceCertificateManagerCertificateUpgradeV0 (defined elsewhere).
		SchemaVersion: 1,
		StateUpgraders: []schema.StateUpgrader{
			{
				Type: resourceCertificateManagerCertificateResourceV0().CoreConfigSchema().ImpliedType(),
				Upgrade: ResourceCertificateManagerCertificateUpgradeV0,
				Version: 0,
			},
		},
		CustomizeDiff: customdiff.All(
			tpgresource.SetLabelsDiff,
			tpgresource.DefaultProviderProject,
		),
		Schema: map[string]*schema.Schema{
			"name": {
				Type: schema.TypeString,
				Required: true,
				ForceNew: true,
				Description: `A user-defined name of the certificate. Certificate names must be unique
The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,
and all following characters must be a dash, underscore, letter or digit.`,
			},
			"description": {
				Type: schema.TypeString,
				Optional: true,
				Description: `A human-readable description of the resource.`,
			},
			"labels": {
				Type: schema.TypeMap,
				Optional: true,
				Description: `Set of label tags associated with the Certificate resource.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field 'effective_labels' for all of the labels present on the resource.`,
				Elem: &schema.Schema{Type: schema.TypeString},
			},
			"location": {
				Type: schema.TypeString,
				Optional: true,
				ForceNew: true,
				Description: `The Certificate Manager location. If not specified, "global" is used.`,
				Default: "global",
			},
			// Google-managed certificate: domains plus either DNS authorizations
			// or an issuance config. The remaining nested fields are Computed
			// status reported by the service.
			"managed": {
				Type: schema.TypeList,
				Optional: true,
				ForceNew: true,
				Description: `Configuration and state of a Managed Certificate.
Certificate Manager provisions and renews Managed Certificates
automatically, for as long as it's authorized to do so.`,
				MaxItems: 1,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"dns_authorizations": {
							Type: schema.TypeList,
							Optional: true,
							ForceNew: true,
							DiffSuppressFunc: tpgresource.ProjectNumberDiffSuppress,
							Description: `Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.`,
							Elem: &schema.Schema{
								Type: schema.TypeString,
							},
						},
						"domains": {
							Type: schema.TypeList,
							Optional: true,
							ForceNew: true,
							Description: `The domains for which a managed SSL certificate will be generated.
Wildcard domains are only supported with DNS challenge resolution`,
							Elem: &schema.Schema{
								Type: schema.TypeString,
							},
						},
						// NOTE(review): the description says issuance_config and
						// dns_authorizations are mutually exclusive, but no
						// ConflictsWith/ExactlyOneOf is declared on either field
						// here; presumably the API enforces it — confirm.
						"issuance_config": {
							Type: schema.TypeString,
							Optional: true,
							ForceNew: true,
							DiffSuppressFunc: tpgresource.CompareResourceNames,
							Description: `The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.
If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.
Either issuanceConfig or dnsAuthorizations should be specificed, but not both.`,
						},
						"authorization_attempt_info": {
							Type: schema.TypeList,
							Computed: true,
							Description: `Detailed state of the latest authorization attempt for each domain
specified for this Managed Certificate.`,
							Elem: &schema.Resource{
								Schema: map[string]*schema.Schema{
									"details": {
										Type: schema.TypeString,
										Computed: true,
										Description: `Human readable explanation for reaching the state. Provided to help
address the configuration issues.
Not guaranteed to be stable. For programmatic access use 'failure_reason' field.`,
									},
									"domain": {
										Type: schema.TypeString,
										Computed: true,
										Description: `Domain name of the authorization attempt.`,
									},
									"failure_reason": {
										Type: schema.TypeString,
										Computed: true,
										Description: `Reason for failure of the authorization attempt for the domain.`,
									},
									"state": {
										Type: schema.TypeString,
										Computed: true,
										Description: `State of the domain for managed certificate issuance.`,
									},
								},
							},
						},
						"provisioning_issue": {
							Type: schema.TypeList,
							Computed: true,
							Description: `Information about issues with provisioning this Managed Certificate.`,
							Elem: &schema.Resource{
								Schema: map[string]*schema.Schema{
									"details": {
										Type: schema.TypeString,
										Computed: true,
										Description: `Human readable explanation about the issue. Provided to help address
the configuration issues.
Not guaranteed to be stable. For programmatic access use 'reason' field.`,
									},
									"reason": {
										Type: schema.TypeString,
										Computed: true,
										Description: `Reason for provisioning failures.`,
									},
								},
							},
						},
						"state": {
							Type: schema.TypeString,
							Computed: true,
							Description: `A state of this Managed Certificate.`,
						},
					},
				},
				ExactlyOneOf: []string{"self_managed", "managed"},
			},
			// An empty scope and "DEFAULT" are treated as the same value by
			// certManagerDefaultScopeDiffSuppress.
			"scope": {
				Type: schema.TypeString,
				Optional: true,
				ForceNew: true,
				DiffSuppressFunc: certManagerDefaultScopeDiffSuppress,
				Description: `The scope of the certificate.
DEFAULT: Certificates with default scope are served from core Google data centers.
If unsure, choose this option.
EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.
See https://cloud.google.com/vpc/docs/edge-locations.
ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).
See https://cloud.google.com/compute/docs/regions-zones`,
				Default: "DEFAULT",
			},
			// User-uploaded certificate chain and private key. Every nested
			// field is ForceNew, so changing a certificate or key replaces the
			// resource rather than updating it in place.
			//
			// Security: Sensitive only redacts a value from plan/apply output;
			// the private key is still stored in plaintext in Terraform state,
			// so the state backend needs the same protection as the key itself.
			"self_managed": {
				Type: schema.TypeList,
				Optional: true,
				ForceNew: true,
				Description: `Certificate data for a SelfManaged Certificate.
SelfManaged Certificates are uploaded by the user. Updating such
certificates before they expire remains the user's responsibility.`,
				MaxItems: 1,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"certificate_pem": {
							Type: schema.TypeString,
							Optional: true,
							Deprecated: "`certificate_pem` is deprecated and will be removed in a future major release. Use `pem_certificate` instead.",
							ForceNew: true,
							Description: `The certificate chain in PEM-encoded form.
Leaf certificate comes first, followed by intermediate ones if any.`,
							Sensitive: true,
							ExactlyOneOf: []string{"self_managed.0.certificate_pem", "self_managed.0.pem_certificate"},
						},
						// NOTE(review): unlike the deprecated certificate_pem,
						// this field is not marked Sensitive. A certificate
						// chain is not secret, so this looks intentional —
						// confirm.
						"pem_certificate": {
							Type: schema.TypeString,
							Optional: true,
							ForceNew: true,
							Description: `The certificate chain in PEM-encoded form.
Leaf certificate comes first, followed by intermediate ones if any.`,
							ExactlyOneOf: []string{"self_managed.0.certificate_pem", "self_managed.0.pem_certificate"},
						},
						// Private key material; redacted from CLI output via
						// Sensitive.
						"pem_private_key": {
							Type: schema.TypeString,
							Optional: true,
							ForceNew: true,
							Description: `The private key of the leaf certificate in PEM-encoded form.`,
							Sensitive: true,
							ExactlyOneOf: []string{"self_managed.0.private_key_pem", "self_managed.0.pem_private_key"},
						},
						// Deprecated spelling of pem_private_key; also private
						// key material and also Sensitive.
						"private_key_pem": {
							Type: schema.TypeString,
							Optional: true,
							Deprecated: "`private_key_pem` is deprecated and will be removed in a future major release. Use `pem_private_key` instead.",
							ForceNew: true,
							Description: `The private key of the leaf certificate in PEM-encoded form.`,
							Sensitive: true,
							ExactlyOneOf: []string{"self_managed.0.private_key_pem", "self_managed.0.pem_private_key"},
						},
					},
				},
				ExactlyOneOf: []string{"self_managed", "managed"},
			},
			"effective_labels": {
				Type: schema.TypeMap,
				Computed: true,
				Description: `All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.`,
				Elem: &schema.Schema{Type: schema.TypeString},
			},
			"san_dnsnames": {
				Type: schema.TypeList,
				Computed: true,
				Description: `The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6)`,
				Elem: &schema.Schema{
					Type: schema.TypeString,
				},
			},
			"terraform_labels": {
				Type: schema.TypeMap,
				Computed: true,
				Description: `The combination of labels configured directly on the resource
and default labels configured on the provider.`,
				Elem: &schema.Schema{Type: schema.TypeString},
			},
			"project": {
				Type: schema.TypeString,
				Optional: true,
				Computed: true,
				ForceNew: true,
			},
		},
		UseJSONNumber: true,
	}
}
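// resourceCertificateManagerCertificateCreate builds the request body from the
// resource data, POSTs it to the certificates collection, waits for the
// returned operation, and then refreshes state through the Read handler.
//
// The resource ID is stored before waiting on the operation and cleared again
// if the wait fails, so a failed create leaves nothing in state.
//
// Security: the request body can carry the self-managed private key
// (selfManaged.pemPrivateKey / selfManaged.privateKeyPem). The debug log line
// therefore prints a copy of the body with the selfManaged entry redacted, so
// that running with debug logging enabled does not write key material to logs.
func resourceCertificateManagerCertificateCreate(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*transport_tpg.Config)
	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
	if err != nil {
		return err
	}

	obj := make(map[string]interface{})
	descriptionProp, err := expandCertificateManagerCertificateDescription(d.Get("description"), d, config)
	if err != nil {
		return err
	} else if v, ok := d.GetOkExists("description"); !tpgresource.IsEmptyValue(reflect.ValueOf(descriptionProp)) && (ok || !reflect.DeepEqual(v, descriptionProp)) {
		obj["description"] = descriptionProp
	}
	scopeProp, err := expandCertificateManagerCertificateScope(d.Get("scope"), d, config)
	if err != nil {
		return err
	} else if v, ok := d.GetOkExists("scope"); !tpgresource.IsEmptyValue(reflect.ValueOf(scopeProp)) && (ok || !reflect.DeepEqual(v, scopeProp)) {
		obj["scope"] = scopeProp
	}
	selfManagedProp, err := expandCertificateManagerCertificateSelfManaged(d.Get("self_managed"), d, config)
	if err != nil {
		return err
	} else if v, ok := d.GetOkExists("self_managed"); !tpgresource.IsEmptyValue(reflect.ValueOf(selfManagedProp)) && (ok || !reflect.DeepEqual(v, selfManagedProp)) {
		obj["selfManaged"] = selfManagedProp
	}
	managedProp, err := expandCertificateManagerCertificateManaged(d.Get("managed"), d, config)
	if err != nil {
		return err
	} else if v, ok := d.GetOkExists("managed"); !tpgresource.IsEmptyValue(reflect.ValueOf(managedProp)) && (ok || !reflect.DeepEqual(v, managedProp)) {
		obj["managed"] = managedProp
	}
	// The API field "labels" is populated from effective_labels.
	labelsProp, err := expandCertificateManagerCertificateEffectiveLabels(d.Get("effective_labels"), d, config)
	if err != nil {
		return err
	} else if v, ok := d.GetOkExists("effective_labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(labelsProp)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
		obj["labels"] = labelsProp
	}

	url, err := tpgresource.ReplaceVars(d, config, "{{CertificateManagerBasePath}}projects/{{project}}/locations/{{location}}/certificates?certificateId={{name}}")
	if err != nil {
		return err
	}

	// Log a shallow copy with the self-managed block replaced, never the
	// request body itself: that block holds the PEM private key.
	loggedObj := make(map[string]interface{}, len(obj))
	for k, v := range obj {
		loggedObj[k] = v
	}
	if _, ok := loggedObj["selfManaged"]; ok {
		loggedObj["selfManaged"] = "[REDACTED]"
	}
	log.Printf("[DEBUG] Creating new Certificate: %#v", loggedObj)

	project, err := tpgresource.GetProject(d, config)
	if err != nil {
		return fmt.Errorf("Error fetching project for Certificate: %s", err)
	}
	billingProject := project

	// err == nil indicates that the billing_project value was found
	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
		billingProject = bp
	}

	headers := make(http.Header)
	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
		Config:    config,
		Method:    "POST",
		Project:   billingProject,
		RawURL:    url,
		UserAgent: userAgent,
		Body:      obj,
		Timeout:   d.Timeout(schema.TimeoutCreate),
		Headers:   headers,
	})
	if err != nil {
		return fmt.Errorf("Error creating Certificate: %s", err)
	}

	// Store the ID now
	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/certificates/{{name}}")
	if err != nil {
		return fmt.Errorf("Error constructing id: %s", err)
	}
	d.SetId(id)

	err = CertificateManagerOperationWaitTime(
		config, res, project, "Creating Certificate", userAgent,
		d.Timeout(schema.TimeoutCreate))
	if err != nil {
		// The resource didn't actually create
		d.SetId("")
		return fmt.Errorf("Error waiting to create Certificate: %s", err)
	}

	log.Printf("[DEBUG] Finished creating Certificate %q: %#v", d.Id(), res)

	return resourceCertificateManagerCertificateRead(d, meta)
}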
// resourceCertificateManagerCertificateRead fetches the certificate with a GET
// request and copies the response into resource data. A failed request is
// passed to transport_tpg.HandleNotFoundError.
//
// The self_managed block is not written here: this handler sets project,
// description, labels, scope, san_dnsnames, managed, terraform_labels and
// effective_labels only, so the certificate and private key kept in state are
// whatever the configuration supplied.
func resourceCertificateManagerCertificateRead(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*transport_tpg.Config)

	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
	if err != nil {
		return err
	}

	url, err := tpgresource.ReplaceVars(d, config, "{{CertificateManagerBasePath}}projects/{{project}}/locations/{{location}}/certificates/{{name}}")
	if err != nil {
		return err
	}

	project, err := tpgresource.GetProject(d, config)
	if err != nil {
		return fmt.Errorf("Error fetching project for Certificate: %s", err)
	}

	// Bill against the resource's project unless a billing project is set.
	billingProject := project
	if bp, bpErr := tpgresource.GetBillingProject(d, config); bpErr == nil {
		billingProject = bp
	}

	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
		Config:    config,
		Method:    "GET",
		Project:   billingProject,
		RawURL:    url,
		UserAgent: userAgent,
		Headers:   make(http.Header),
	})
	if err != nil {
		return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("CertificateManagerCertificate %q", d.Id()))
	}

	// store writes one attribute and wraps any failure in the shared message.
	store := func(key string, value interface{}) error {
		if setErr := d.Set(key, value); setErr != nil {
			return fmt.Errorf("Error reading Certificate: %s", setErr)
		}
		return nil
	}

	if err := store("project", project); err != nil {
		return err
	}
	if err := store("description", flattenCertificateManagerCertificateDescription(res["description"], d, config)); err != nil {
		return err
	}
	if err := store("labels", flattenCertificateManagerCertificateLabels(res["labels"], d, config)); err != nil {
		return err
	}
	if err := store("scope", flattenCertificateManagerCertificateScope(res["scope"], d, config)); err != nil {
		return err
	}
	if err := store("san_dnsnames", flattenCertificateManagerCertificateSanDnsnames(res["sanDnsnames"], d, config)); err != nil {
		return err
	}
	if err := store("managed", flattenCertificateManagerCertificateManaged(res["managed"], d, config)); err != nil {
		return err
	}
	// Both derived label maps are computed from the same API "labels" field.
	if err := store("terraform_labels", flattenCertificateManagerCertificateTerraformLabels(res["labels"], d, config)); err != nil {
		return err
	}
	if err := store("effective_labels", flattenCertificateManagerCertificateEffectiveLabels(res["labels"], d, config)); err != nil {
		return err
	}

	return nil
}
// resourceCertificateManagerCertificateUpdate sends a PATCH carrying the
// description and labels, with an updateMask listing only the fields that
// changed. When nothing changed, no request is sent. In both cases state is
// refreshed through the Read handler.
//
// Only description and labels are placed in the request body, so the debug
// log of the body does not include the self-managed key material.
func resourceCertificateManagerCertificateUpdate(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*transport_tpg.Config)

	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
	if err != nil {
		return err
	}

	project, err := tpgresource.GetProject(d, config)
	if err != nil {
		return fmt.Errorf("Error fetching project for Certificate: %s", err)
	}
	billingProject := project

	body := make(map[string]interface{})

	descriptionProp, err := expandCertificateManagerCertificateDescription(d.Get("description"), d, config)
	if err != nil {
		return err
	}
	if v, ok := d.GetOkExists("description"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, descriptionProp)) {
		body["description"] = descriptionProp
	}

	labelsProp, err := expandCertificateManagerCertificateEffectiveLabels(d.Get("effective_labels"), d, config)
	if err != nil {
		return err
	}
	if v, ok := d.GetOkExists("effective_labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
		body["labels"] = labelsProp
	}

	endpoint, err := tpgresource.ReplaceVars(d, config, "{{CertificateManagerBasePath}}projects/{{project}}/locations/{{location}}/certificates/{{name}}")
	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Updating Certificate %q: %#v", d.Id(), body)

	reqHeaders := make(http.Header)

	var changed []string
	if d.HasChange("description") {
		changed = append(changed, "description")
	}
	if d.HasChange("effective_labels") {
		changed = append(changed, "labels")
	}

	// updateMask is a URL parameter that is not part of the schema, so
	// ReplaceVars cannot fill it in; it is appended here.
	endpoint, err = transport_tpg.AddQueryParams(endpoint, map[string]string{"updateMask": strings.Join(changed, ",")})
	if err != nil {
		return err
	}

	// A nil error means a billing_project value was found.
	if bp, bpErr := tpgresource.GetBillingProject(d, config); bpErr == nil {
		billingProject = bp
	}

	// An empty mask means nothing to update: skip the request entirely.
	if len(changed) == 0 {
		return resourceCertificateManagerCertificateRead(d, meta)
	}

	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
		Config:    config,
		Method:    "PATCH",
		Project:   billingProject,
		RawURL:    endpoint,
		UserAgent: userAgent,
		Body:      body,
		Timeout:   d.Timeout(schema.TimeoutUpdate),
		Headers:   reqHeaders,
	})
	if err != nil {
		return fmt.Errorf("Error updating Certificate %q: %s", d.Id(), err)
	}
	log.Printf("[DEBUG] Finished updating Certificate %q: %#v", d.Id(), res)

	waitErr := CertificateManagerOperationWaitTime(
		config, res, project, "Updating Certificate", userAgent,
		d.Timeout(schema.TimeoutUpdate))
	if waitErr != nil {
		return waitErr
	}

	return resourceCertificateManagerCertificateRead(d, meta)
}
// resourceCertificateManagerCertificateDelete issues a DELETE for the
// certificate and waits for the returned operation to finish. A failed
// request is passed to transport_tpg.HandleNotFoundError.
func resourceCertificateManagerCertificateDelete(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*transport_tpg.Config)

	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
	if err != nil {
		return err
	}

	project, err := tpgresource.GetProject(d, config)
	if err != nil {
		return fmt.Errorf("Error fetching project for Certificate: %s", err)
	}
	billingProject := project

	endpoint, err := tpgresource.ReplaceVars(d, config, "{{CertificateManagerBasePath}}projects/{{project}}/locations/{{location}}/certificates/{{name}}")
	if err != nil {
		return err
	}

	// The delete request carries no body; the map stays nil.
	var emptyBody map[string]interface{}

	// A nil error means a billing_project value was found.
	if bp, bpErr := tpgresource.GetBillingProject(d, config); bpErr == nil {
		billingProject = bp
	}

	reqHeaders := make(http.Header)

	log.Printf("[DEBUG] Deleting Certificate %q", d.Id())
	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
		Config:    config,
		Method:    "DELETE",
		Project:   billingProject,
		RawURL:    endpoint,
		UserAgent: userAgent,
		Body:      emptyBody,
		Timeout:   d.Timeout(schema.TimeoutDelete),
		Headers:   reqHeaders,
	})
	if err != nil {
		return transport_tpg.HandleNotFoundError(err, d, "Certificate")
	}

	if waitErr := CertificateManagerOperationWaitTime(
		config, res, project, "Deleting Certificate", userAgent,
		d.Timeout(schema.TimeoutDelete)); waitErr != nil {
		return waitErr
	}

	log.Printf("[DEBUG] Finished deleting Certificate %q: %#v", d.Id(), res)
	return nil
}
// resourceCertificateManagerCertificateImport parses a user-supplied import ID
// in one of three accepted forms and replaces it with the canonical resource
// ID projects/{{project}}/locations/{{location}}/certificates/{{name}}.
//
// Each pattern is anchored with ^ and $ and every segment is [^/]+, so a
// segment of the import ID cannot contain a slash.
func resourceCertificateManagerCertificateImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
	config := meta.(*transport_tpg.Config)

	// Accepted import ID formats, from most to least specific.
	idPatterns := []string{
		"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/certificates/(?P<name>[^/]+)$",
		"^(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<name>[^/]+)$",
		"^(?P<location>[^/]+)/(?P<name>[^/]+)$",
	}
	parseErr := tpgresource.ParseImportId(idPatterns, d, config)
	if parseErr != nil {
		return nil, parseErr
	}

	// Swap the import ID for the canonical resource ID.
	canonicalID, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/certificates/{{name}}")
	if err != nil {
		return nil, fmt.Errorf("Error constructing id: %s", err)
	}
	d.SetId(canonicalID)

	return []*schema.ResourceData{d}, nil
}
// flattenCertificateManagerCertificateDescription returns the API
// "description" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateDescription(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateLabels narrows the API labels in v to
// the keys currently present in the resource's "labels" attribute.
//
// A nil v is returned as-is. When "labels" is not set, the result is an empty
// map. A key that is in "labels" but missing from v maps to nil.
func flattenCertificateManagerCertificateLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	if v == nil {
		return v
	}

	filtered := map[string]interface{}{}
	configured, ok := d.GetOkExists("labels")
	if !ok {
		return filtered
	}
	for key := range configured.(map[string]interface{}) {
		filtered[key] = v.(map[string]interface{})[key]
	}
	return filtered
}
// flattenCertificateManagerCertificateScope returns the API "scope" value
// unchanged; d and config are unused.
func flattenCertificateManagerCertificateScope(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateSanDnsnames returns the API
// "sanDnsnames" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateSanDnsnames(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManaged converts the API "managed"
// object into the single-element list form used by the "managed" schema
// block, renaming camelCase API keys to their snake_case attribute names.
// A nil or empty object yields nil.
func flattenCertificateManagerCertificateManaged(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	if v == nil {
		return nil
	}
	managed := v.(map[string]interface{})
	if len(managed) == 0 {
		return nil
	}

	block := map[string]interface{}{
		"domains":                    flattenCertificateManagerCertificateManagedDomains(managed["domains"], d, config),
		"dns_authorizations":         flattenCertificateManagerCertificateManagedDnsAuthorizations(managed["dnsAuthorizations"], d, config),
		"issuance_config":            flattenCertificateManagerCertificateManagedIssuanceConfig(managed["issuanceConfig"], d, config),
		"state":                      flattenCertificateManagerCertificateManagedState(managed["state"], d, config),
		"provisioning_issue":         flattenCertificateManagerCertificateManagedProvisioningIssue(managed["provisioningIssue"], d, config),
		"authorization_attempt_info": flattenCertificateManagerCertificateManagedAuthorizationAttemptInfo(managed["authorizationAttemptInfo"], d, config),
	}
	return []interface{}{block}
}
// flattenCertificateManagerCertificateManagedDomains returns the managed
// "domains" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedDomains(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedDnsAuthorizations returns the
// managed "dnsAuthorizations" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedDnsAuthorizations(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedIssuanceConfig returns the
// managed "issuanceConfig" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedIssuanceConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedState returns the managed
// "state" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedState(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedProvisioningIssue converts the
// API "provisioningIssue" object into the single-element list form used by
// the "provisioning_issue" schema block. A nil or empty object yields nil.
func flattenCertificateManagerCertificateManagedProvisioningIssue(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	if v == nil {
		return nil
	}
	issue := v.(map[string]interface{})
	if len(issue) == 0 {
		return nil
	}

	block := map[string]interface{}{
		"reason":  flattenCertificateManagerCertificateManagedProvisioningIssueReason(issue["reason"], d, config),
		"details": flattenCertificateManagerCertificateManagedProvisioningIssueDetails(issue["details"], d, config),
	}
	return []interface{}{block}
}
// flattenCertificateManagerCertificateManagedProvisioningIssueReason returns
// the provisioning issue "reason" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedProvisioningIssueReason(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedProvisioningIssueDetails returns
// the provisioning issue "details" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedProvisioningIssueDetails(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedAuthorizationAttemptInfo converts
// the API "authorizationAttemptInfo" list into the list-of-maps form used by
// the "authorization_attempt_info" schema block. A nil input is returned
// as-is; empty objects in the list are dropped.
func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfo(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	if v == nil {
		return v
	}

	attempts := v.([]interface{})
	result := make([]interface{}, 0, len(attempts))
	for _, item := range attempts {
		attempt := item.(map[string]interface{})
		if len(attempt) == 0 {
			// Skip empty JSON objects returned by the API.
			continue
		}

		entry := map[string]interface{}{
			"domain":         flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(attempt["domain"], d, config),
			"state":          flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoState(attempt["state"], d, config),
			"failure_reason": flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(attempt["failureReason"], d, config),
			"details":        flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(attempt["details"], d, config),
		}
		result = append(result, entry)
	}
	return result
}
// flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain
// returns the attempt's "domain" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoState
// returns the attempt's "state" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoState(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason
// returns the attempt's "failureReason" value unchanged; d and config are
// unused.
func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails
// returns the attempt's "details" value unchanged; d and config are unused.
func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// flattenCertificateManagerCertificateTerraformLabels narrows the API labels
// in v to the keys currently present in the resource's "terraform_labels"
// attribute.
//
// A nil v is returned as-is. When "terraform_labels" is not set, the result is
// an empty map. A key that is in "terraform_labels" but missing from v maps to
// nil.
func flattenCertificateManagerCertificateTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	if v == nil {
		return v
	}

	filtered := map[string]interface{}{}
	tracked, ok := d.GetOkExists("terraform_labels")
	if !ok {
		return filtered
	}
	for key := range tracked.(map[string]interface{}) {
		filtered[key] = v.(map[string]interface{})[key]
	}
	return filtered
}
// flattenCertificateManagerCertificateEffectiveLabels returns the API labels
// unchanged, without the key filtering applied for "labels" and
// "terraform_labels"; d and config are unused.
func flattenCertificateManagerCertificateEffectiveLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
	return v
}
// expandCertificateManagerCertificateDescription returns the configured
// description unchanged and never returns an error; d and config are unused.
func expandCertificateManagerCertificateDescription(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateScope returns the configured scope
// unchanged and never returns an error; d and config are unused.
func expandCertificateManagerCertificateScope(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateSelfManaged converts the "self_managed"
// block (a list of at most one element) into the API's selfManaged object,
// renaming snake_case attributes to camelCase keys and omitting empty values.
// An empty list or a nil first element yields (nil, nil).
//
// Security: the returned map holds the PEM private key under "privateKeyPem"
// or "pemPrivateKey". Callers should keep it out of logs and error messages.
func expandCertificateManagerCertificateSelfManaged(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	blocks := v.([]interface{})
	if len(blocks) == 0 || blocks[0] == nil {
		return nil, nil
	}
	block := blocks[0].(map[string]interface{})
	out := make(map[string]interface{})

	// Deprecated certificate attribute.
	certPem, err := expandCertificateManagerCertificateSelfManagedCertificatePem(block["certificate_pem"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(certPem); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["certificatePem"] = certPem
	}

	// Deprecated private key attribute.
	keyPem, err := expandCertificateManagerCertificateSelfManagedPrivateKeyPem(block["private_key_pem"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(keyPem); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["privateKeyPem"] = keyPem
	}

	pemCert, err := expandCertificateManagerCertificateSelfManagedPemCertificate(block["pem_certificate"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(pemCert); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["pemCertificate"] = pemCert
	}

	pemKey, err := expandCertificateManagerCertificateSelfManagedPemPrivateKey(block["pem_private_key"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(pemKey); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["pemPrivateKey"] = pemKey
	}

	return out, nil
}
// expandCertificateManagerCertificateSelfManagedCertificatePem returns the
// deprecated "certificate_pem" value unchanged and never returns an error;
// d and config are unused.
func expandCertificateManagerCertificateSelfManagedCertificatePem(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateSelfManagedPrivateKeyPem returns the
// deprecated "private_key_pem" value unchanged and never returns an error;
// d and config are unused.
//
// v is private key material: it is passed through as-is, so callers should
// keep the result out of logs.
func expandCertificateManagerCertificateSelfManagedPrivateKeyPem(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateSelfManagedPemCertificate returns the
// "pem_certificate" value unchanged and never returns an error; d and config
// are unused.
func expandCertificateManagerCertificateSelfManagedPemCertificate(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateSelfManagedPemPrivateKey returns the
// "pem_private_key" value unchanged and never returns an error; d and config
// are unused.
//
// v is private key material: it is passed through as-is, so callers should
// keep the result out of logs.
func expandCertificateManagerCertificateSelfManagedPemPrivateKey(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateManaged converts the "managed" block (a
// list of at most one element) into the API's managed object, renaming
// snake_case attributes to camelCase keys and omitting empty values. An empty
// list or a nil first element yields (nil, nil).
//
// The Computed attributes (state, provisioning_issue,
// authorization_attempt_info) are expanded too and included when non-empty.
func expandCertificateManagerCertificateManaged(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	blocks := v.([]interface{})
	if len(blocks) == 0 || blocks[0] == nil {
		return nil, nil
	}
	block := blocks[0].(map[string]interface{})
	out := make(map[string]interface{})

	domains, err := expandCertificateManagerCertificateManagedDomains(block["domains"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(domains); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["domains"] = domains
	}

	dnsAuthz, err := expandCertificateManagerCertificateManagedDnsAuthorizations(block["dns_authorizations"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(dnsAuthz); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["dnsAuthorizations"] = dnsAuthz
	}

	issuanceCfg, err := expandCertificateManagerCertificateManagedIssuanceConfig(block["issuance_config"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(issuanceCfg); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["issuanceConfig"] = issuanceCfg
	}

	state, err := expandCertificateManagerCertificateManagedState(block["state"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(state); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["state"] = state
	}

	issue, err := expandCertificateManagerCertificateManagedProvisioningIssue(block["provisioning_issue"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(issue); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["provisioningIssue"] = issue
	}

	attempts, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfo(block["authorization_attempt_info"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(attempts); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["authorizationAttemptInfo"] = attempts
	}

	return out, nil
}
// expandCertificateManagerCertificateManagedDomains returns the managed
// "domains" value unchanged and never returns an error; d and config are
// unused.
func expandCertificateManagerCertificateManagedDomains(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateManagedDnsAuthorizations returns the
// managed "dns_authorizations" value unchanged and never returns an error;
// d and config are unused.
func expandCertificateManagerCertificateManagedDnsAuthorizations(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateManagedIssuanceConfig returns the managed
// "issuance_config" value unchanged and never returns an error; d and config
// are unused.
func expandCertificateManagerCertificateManagedIssuanceConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateManagedState returns the managed "state"
// value unchanged and never returns an error; d and config are unused.
func expandCertificateManagerCertificateManagedState(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	return v, nil
}
// expandCertificateManagerCertificateManagedProvisioningIssue converts the
// list form of the managed block's "provisioning_issue" value into a map with
// the keys "reason" and "details".
//
// It returns (nil, nil) when the list is empty or its first element is nil.
// A field is left out of the result when its expanded value is invalid or
// empty according to tpgresource.IsEmptyValue. Only the first list element is
// read.
//
// The type assertions are unchecked: the function panics if v is not a
// []interface{} or if the first element is not a map[string]interface{}.
func expandCertificateManagerCertificateManagedProvisioningIssue(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	items := v.([]interface{})
	if len(items) == 0 || items[0] == nil {
		return nil, nil
	}
	src := items[0].(map[string]interface{})
	out := make(map[string]interface{})

	reason, err := expandCertificateManagerCertificateManagedProvisioningIssueReason(src["reason"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(reason); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["reason"] = reason
	}

	details, err := expandCertificateManagerCertificateManagedProvisioningIssueDetails(src["details"], d, config)
	if err != nil {
		return nil, err
	}
	if rv := reflect.ValueOf(details); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
		out["details"] = details
	}

	return out, nil
}
// expandCertificateManagerCertificateManagedProvisioningIssueReason is the
// expander for provisioning_issue "reason". It returns v unchanged with a nil
// error; d and config are not read.
func expandCertificateManagerCertificateManagedProvisioningIssueReason(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	// Identity expander: no conversion is applied to the stored value.
	return v, nil
}
// expandCertificateManagerCertificateManagedProvisioningIssueDetails is the
// expander for provisioning_issue "details". It returns v unchanged with a nil
// error; d and config are not read.
func expandCertificateManagerCertificateManagedProvisioningIssueDetails(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	// Identity expander: no conversion is applied to the stored value.
	return v, nil
}
// expandCertificateManagerCertificateManagedAuthorizationAttemptInfo converts
// the list form of the managed block's "authorization_attempt_info" value into
// a slice of maps keyed "domain", "state", "failureReason" and "details".
//
// Nil list elements are skipped. Within an element, a field is left out when
// its expanded value is invalid or empty according to
// tpgresource.IsEmptyValue; the element's map is still appended even if it
// ends up with no keys. The first expander error aborts the conversion.
//
// The type assertions are unchecked: the function panics if v is not a
// []interface{} or if a non-nil element is not a map[string]interface{}.
func expandCertificateManagerCertificateManagedAuthorizationAttemptInfo(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	entries := v.([]interface{})
	result := make([]interface{}, 0, len(entries))
	for _, entry := range entries {
		if entry == nil {
			continue
		}
		src := entry.(map[string]interface{})
		out := make(map[string]interface{})

		domain, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(src["domain"], d, config)
		if err != nil {
			return nil, err
		}
		if rv := reflect.ValueOf(domain); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
			out["domain"] = domain
		}

		state, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoState(src["state"], d, config)
		if err != nil {
			return nil, err
		}
		if rv := reflect.ValueOf(state); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
			out["state"] = state
		}

		// The schema key is snake_case; the output key is camelCase.
		failureReason, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(src["failure_reason"], d, config)
		if err != nil {
			return nil, err
		}
		if rv := reflect.ValueOf(failureReason); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
			out["failureReason"] = failureReason
		}

		details, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(src["details"], d, config)
		if err != nil {
			return nil, err
		}
		if rv := reflect.ValueOf(details); rv.IsValid() && !tpgresource.IsEmptyValue(rv) {
			out["details"] = details
		}

		result = append(result, out)
	}
	return result, nil
}
// expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain is
// the expander for authorization_attempt_info "domain". It returns v unchanged
// with a nil error; d and config are not read.
func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	// Identity expander: no conversion is applied to the stored value.
	return v, nil
}
// expandCertificateManagerCertificateManagedAuthorizationAttemptInfoState is
// the expander for authorization_attempt_info "state". It returns v unchanged
// with a nil error; d and config are not read.
func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoState(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	// Identity expander: no conversion is applied to the stored value.
	return v, nil
}
// expandCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason
// is the expander for authorization_attempt_info "failure_reason". It returns
// v unchanged with a nil error; d and config are not read.
func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	// Identity expander: no conversion is applied to the stored value.
	return v, nil
}
// expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails is
// the expander for authorization_attempt_info "details". It returns v
// unchanged with a nil error; d and config are not read.
func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
	// Identity expander: no conversion is applied to the stored value.
	return v, nil
}
// expandCertificateManagerCertificateEffectiveLabels converts a label map held
// as map[string]interface{} into a map[string]string.
//
// A nil v yields an empty, non-nil map. d and config are not read.
//
// The type assertions are unchecked: the function panics if a non-nil v is not
// a map[string]interface{} or if any label value is not a string.
func expandCertificateManagerCertificateEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
	if v == nil {
		return map[string]string{}, nil
	}
	raw := v.(map[string]interface{})
	labels := make(map[string]string, len(raw))
	for key, value := range raw {
		labels[key] = value.(string)
	}
	return labels, nil
}
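// ResourceCertificateManagerCertificateUpgradeV0 migrates schema-version-0
// state to version 1 by setting "location" to "global", because version 0 had
// no location attribute.
//
// The state is logged at DEBUG level before and after the change. In those
// log lines the "self_managed" block is replaced with a placeholder: the v0
// schema marks its private key fields Sensitive, and a raw %#v dump of the
// state would write PEM private key material into the provider's debug log.
//
// rawState is mutated in place and returned unredacted. A nil rawState is
// treated as empty state. The context and meta arguments are not used, and
// the returned error is always nil.
func ResourceCertificateManagerCertificateUpgradeV0(_ context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
	// loggable returns a shallow copy of state with the secret-bearing block
	// masked, so the real state is never altered for the sake of logging.
	loggable := func(state map[string]interface{}) map[string]interface{} {
		safe := make(map[string]interface{}, len(state))
		for k, v := range state {
			if k == "self_managed" {
				safe[k] = "(sensitive value redacted)"
				continue
			}
			safe[k] = v
		}
		return safe
	}

	if rawState == nil {
		// Assigning into a nil map panics; start from empty state instead.
		rawState = make(map[string]interface{})
	}

	log.Printf("[DEBUG] Attributes before migration: %#v", loggable(rawState))
	// Version 0 didn't support location. Default it to global.
	rawState["location"] = "global"
	log.Printf("[DEBUG] Attributes after migration: %#v", loggable(rawState))
	return rawState, nil
}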
// resourceCertificateManagerCertificateResourceV0 returns the schema-version-0
// definition of the certificate resource. ResourceCertificateManagerCertificate
// calls it in its StateUpgraders entry to derive the implied type of stored v0
// state. This schema declares no "location" attribute; the v0 upgrader sets one.
func resourceCertificateManagerCertificateResourceV0() *schema.Resource {
return &schema.Resource{
Create: resourceCertificateManagerCertificateCreate,
Read: resourceCertificateManagerCertificateRead,
Update: resourceCertificateManagerCertificateUpdate,
Delete: resourceCertificateManagerCertificateDelete,
Importer: &schema.ResourceImporter{
State: resourceCertificateManagerCertificateImport,
},
Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(20 * time.Minute),
Update: schema.DefaultTimeout(20 * time.Minute),
Delete: schema.DefaultTimeout(20 * time.Minute),
},
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: `A user-defined name of the certificate. Certificate names must be unique
The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,
and all following characters must be a dash, underscore, letter or digit.`,
},
"description": {
Type: schema.TypeString,
Optional: true,
Description: `A human-readable description of the resource.`,
},
"labels": {
Type: schema.TypeMap,
Optional: true,
Description: `Set of label tags associated with the Certificate resource.`,
Elem: &schema.Schema{Type: schema.TypeString},
},
// "managed" and "self_managed" are mutually exclusive (ExactlyOneOf below).
"managed": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: `Configuration and state of a Managed Certificate.
Certificate Manager provisions and renews Managed Certificates
automatically, for as long as it's authorized to do so.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"dns_authorizations": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
DiffSuppressFunc: tpgresource.ProjectNumberDiffSuppress,
Description: `Authorizations that will be used for performing domain authorization`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"domains": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: `The domains for which a managed SSL certificate will be generated.
Wildcard domains are only supported with DNS challenge resolution`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
// The remaining "managed" attributes are Computed only: they are not
// settable in configuration.
"authorization_attempt_info": {
Type: schema.TypeList,
Computed: true,
Description: `Detailed state of the latest authorization attempt for each domain
specified for this Managed Certificate.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"details": {
Type: schema.TypeString,
Computed: true,
Description: `Human readable explanation for reaching the state. Provided to help
address the configuration issues.
Not guaranteed to be stable. For programmatic access use 'failure_reason' field.`,
},
"domain": {
Type: schema.TypeString,
Computed: true,
Description: `Domain name of the authorization attempt.`,
},
"failure_reason": {
Type: schema.TypeString,
Computed: true,
Description: `Reason for failure of the authorization attempt for the domain.`,
},
"state": {
Type: schema.TypeString,
Computed: true,
Description: `State of the domain for managed certificate issuance.`,
},
},
},
},
"provisioning_issue": {
Type: schema.TypeList,
Computed: true,
Description: `Information about issues with provisioning this Managed Certificate.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"details": {
Type: schema.TypeString,
Computed: true,
Description: `Human readable explanation about the issue. Provided to help address
the configuration issues.
Not guaranteed to be stable. For programmatic access use 'reason' field.`,
},
"reason": {
Type: schema.TypeString,
Computed: true,
Description: `Reason for provisioning failures.`,
},
},
},
},
"state": {
Type: schema.TypeString,
Computed: true,
Description: `A state of this Managed Certificate.`,
},
},
},
ExactlyOneOf: []string{"self_managed", "managed"},
},
// An empty old/new value and "DEFAULT" are treated as equal by
// certManagerDefaultScopeDiffSuppress, so that pair produces no diff.
"scope": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
DiffSuppressFunc: certManagerDefaultScopeDiffSuppress,
Description: `The scope of the certificate.
DEFAULT: Certificates with default scope are served from core Google data centers.
If unsure, choose this option.
EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,
served from non-core Google data centers.
Currently allowed only for managed certificates.`,
Default: "DEFAULT",
},
// "self_managed" carries user-supplied certificate and private key PEM.
// Sensitive hides a value in Terraform's plan and CLI output; it does not
// encrypt the value in stored state, so state files holding this block
// need their own access control.
"self_managed": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: `Certificate data for a SelfManaged Certificate.
SelfManaged Certificates are uploaded by the user. Updating such
certificates before they expire remains the user's responsibility.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
// Deprecated name for the certificate chain; exactly one of
// certificate_pem / pem_certificate must be set.
"certificate_pem": {
Type: schema.TypeString,
Optional: true,
Deprecated: "Deprecated in favor of `pem_certificate`",
Description: `**Deprecated** The certificate chain in PEM-encoded form.
Leaf certificate comes first, followed by intermediate ones if any.`,
Sensitive: true,
ExactlyOneOf: []string{"self_managed.0.certificate_pem", "self_managed.0.pem_certificate"},
},
// NOTE(review): unlike the deprecated certificate_pem above, this field
// is not marked Sensitive in this schema — confirm that is intended.
"pem_certificate": {
Type: schema.TypeString,
Optional: true,
Description: `The certificate chain in PEM-encoded form.
Leaf certificate comes first, followed by intermediate ones if any.`,
ExactlyOneOf: []string{"self_managed.0.certificate_pem", "self_managed.0.pem_certificate"},
},
// Private key material: both the current and the deprecated field are
// marked Sensitive, and exactly one of the two must be set.
"pem_private_key": {
Type: schema.TypeString,
Optional: true,
Description: `The private key of the leaf certificate in PEM-encoded form.`,
Sensitive: true,
ExactlyOneOf: []string{"self_managed.0.private_key_pem", "self_managed.0.pem_private_key"},
},
"private_key_pem": {
Type: schema.TypeString,
Optional: true,
Deprecated: "Deprecated in favor of `pem_private_key`",
Description: `**Deprecated** The private key of the leaf certificate in PEM-encoded form.`,
Sensitive: true,
ExactlyOneOf: []string{"self_managed.0.private_key_pem", "self_managed.0.pem_private_key"},
},
},
},
ExactlyOneOf: []string{"self_managed", "managed"},
},
"project": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
},
},
UseJSONNumber: true,
}
}