Google Git
Sign in
third-party-mirror / terraform-provider-google-beta / b9c4dd45f637f009e6ebbee053c562b25e63e4f7 / . / v6.2.0 / google-beta / services / privateca / resource_privateca_ca_pool.go
blob: d31e2377bf88a71f3ecbc1c915d75c144b1df84a [file] [log] [blame]
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** Type: MMv1 ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Magic Modules and manual
// changes will be clobbered when the file is regenerated.
//
// Please read more about how to change this file in
// .github/CONTRIBUTING.md.
//
// ----------------------------------------------------------------------------
package privateca
import (
"fmt"
"log"
"net/http"
"reflect"
"strings"
"time"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
"github.com/hashicorp/terraform-provider-google-beta/google-beta/verify"
)
func ResourcePrivatecaCaPool() *schema.Resource {
return &schema.Resource{
Create: resourcePrivatecaCaPoolCreate,
Read: resourcePrivatecaCaPoolRead,
Update: resourcePrivatecaCaPoolUpdate,
Delete: resourcePrivatecaCaPoolDelete,
Importer: &schema.ResourceImporter{
State: resourcePrivatecaCaPoolImport,
},
Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(20 * time.Minute),
Update: schema.DefaultTimeout(20 * time.Minute),
Delete: schema.DefaultTimeout(20 * time.Minute),
},
CustomizeDiff: customdiff.All(
tpgresource.SetLabelsDiff,
tpgresource.DefaultProviderProject,
),
Schema: map[string]*schema.Schema{
"location": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: `Location of the CaPool. A full list of valid locations can be found by
running 'gcloud privateca locations list'.`,
},
"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: `The name for this CaPool.`,
},
"tier": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: verify.ValidateEnum([]string{"ENTERPRISE", "DEVOPS"}),
Description: `The Tier of this CaPool. Possible values: ["ENTERPRISE", "DEVOPS"]`,
},
"issuance_policy": {
Type: schema.TypeList,
Optional: true,
Description: `The IssuancePolicy to control how Certificates will be issued from this CaPool.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"allowed_issuance_modes": {
Type: schema.TypeList,
Optional: true,
Description: `IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"allow_config_based_issuance": {
Type: schema.TypeBool,
Required: true,
Description: `When true, allows callers to create Certificates by specifying a CertificateConfig.`,
},
"allow_csr_based_issuance": {
Type: schema.TypeBool,
Required: true,
Description: `When true, allows callers to create Certificates by specifying a CSR.`,
},
},
},
},
"allowed_key_types": {
Type: schema.TypeList,
Optional: true,
Description: `If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here.
Otherwise, any key may be used.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"elliptic_curve": {
Type: schema.TypeList,
Optional: true,
Description: `Represents an allowed Elliptic Curve key type.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"signature_algorithm": {
Type: schema.TypeString,
Required: true,
ValidateFunc: verify.ValidateEnum([]string{"ECDSA_P256", "ECDSA_P384", "EDDSA_25519"}),
Description: `The algorithm used. Possible values: ["ECDSA_P256", "ECDSA_P384", "EDDSA_25519"]`,
},
},
},
},
"rsa": {
Type: schema.TypeList,
Optional: true,
Description: `Describes an RSA key that may be used in a Certificate issued from a CaPool.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"max_modulus_size": {
Type: schema.TypeString,
Optional: true,
Description: `The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the
service will not enforce an explicit upper bound on RSA modulus sizes.`,
},
"min_modulus_size": {
Type: schema.TypeString,
Optional: true,
Description: `The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the
service-level min RSA modulus size will continue to apply.`,
},
},
},
},
},
},
},
"baseline_values": {
Type: schema.TypeList,
Optional: true,
Description: `A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request
includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate
request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate
issuance request will fail.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"ca_options": {
Type: schema.TypeList,
Required: true,
Description: `Describes values that are relevant in a CA certificate.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"is_ca": {
Type: schema.TypeBool,
Optional: true,
Description: `When true, the "CA" in Basic Constraints extension will be set to true.`,
},
"max_issuer_path_length": {
Type: schema.TypeInt,
Optional: true,
Description: `Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of
subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.`,
},
"non_ca": {
Type: schema.TypeBool,
Optional: true,
Description: `When true, the "CA" in Basic Constraints extension will be set to false.
If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.`,
},
"zero_max_issuer_path_length": {
Type: schema.TypeBool,
Optional: true,
Description: `When true, the "path length constraint" in Basic Constraints extension will be set to 0.
if both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,
the max path length will be omitted from the CA certificate.`,
},
},
},
},
"key_usage": {
Type: schema.TypeList,
Required: true,
Description: `Indicates the intended use for keys that correspond to a certificate.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"base_key_usage": {
Type: schema.TypeList,
Required: true,
Description: `Describes high-level ways in which a key may be used.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"cert_sign": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used to sign certificates.`,
},
"content_commitment": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".`,
},
"crl_sign": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used sign certificate revocation lists.`,
},
"data_encipherment": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used to encipher data.`,
},
"decipher_only": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used to decipher only.`,
},
"digital_signature": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used for digital signatures.`,
},
"encipher_only": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used to encipher only.`,
},
"key_agreement": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used in a key agreement protocol.`,
},
"key_encipherment": {
Type: schema.TypeBool,
Optional: true,
Description: `The key may be used to encipher other keys.`,
},
},
},
},
"extended_key_usage": {
Type: schema.TypeList,
Required: true,
Description: `Describes high-level ways in which a key may be used.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"client_auth": {
Type: schema.TypeBool,
Optional: true,
Description: `Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.`,
},
"code_signing": {
Type: schema.TypeBool,
Optional: true,
Description: `Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".`,
},
"email_protection": {
Type: schema.TypeBool,
Optional: true,
Description: `Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".`,
},
"ocsp_signing": {
Type: schema.TypeBool,
Optional: true,
Description: `Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".`,
},
"server_auth": {
Type: schema.TypeBool,
Optional: true,
Description: `Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.`,
},
"time_stamping": {
Type: schema.TypeBool,
Optional: true,
Description: `Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".`,
},
},
},
},
"unknown_extended_key_usages": {
Type: schema.TypeList,
Optional: true,
Description: `An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"object_id_path": {
Type: schema.TypeList,
Required: true,
Description: `An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.`,
Elem: &schema.Schema{
Type: schema.TypeInt,
},
},
},
},
},
},
},
},
"additional_extensions": {
Type: schema.TypeList,
Optional: true,
Description: `Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"critical": {
Type: schema.TypeBool,
Required: true,
Description: `Indicates whether or not this extension is critical (i.e., if the client does not know how to
handle this extension, the client should consider this to be an error).`,
},
"object_id": {
Type: schema.TypeList,
Required: true,
Description: `Describes values that are relevant in a CA certificate.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"object_id_path": {
Type: schema.TypeList,
Required: true,
Description: `An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.`,
Elem: &schema.Schema{
Type: schema.TypeInt,
},
},
},
},
},
"value": {
Type: schema.TypeString,
Required: true,
Description: `The value of this X.509 extension. A base64-encoded string.`,
},
},
},
},
"aia_ocsp_servers": {
Type: schema.TypeList,
Optional: true,
Description: `Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the
"Authority Information Access" extension in the certificate.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"name_constraints": {
Type: schema.TypeList,
Optional: true,
Description: `Describes the X.509 name constraints extension.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"critical": {
Type: schema.TypeBool,
Required: true,
Description: `Indicates whether or not the name constraints are marked critical.`,
},
"excluded_dns_names": {
Type: schema.TypeList,
Optional: true,
Description: `Contains excluded DNS names. Any DNS name that can be
constructed by simply adding zero or more labels to
the left-hand side of the name satisfies the name constraint.
For example, 'example.com', 'www.example.com', 'www.sub.example.com'
would satisfy 'example.com' while 'example1.com' does not.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"excluded_email_addresses": {
Type: schema.TypeList,
Optional: true,
Description: `Contains the excluded email addresses. The value can be a particular
email address, a hostname to indicate all email addresses on that host or
a domain with a leading period (e.g. '.example.com') to indicate
all email addresses in that domain.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"excluded_ip_ranges": {
Type: schema.TypeList,
Optional: true,
Description: `Contains the excluded IP ranges. For IPv4 addresses, the ranges
are expressed using CIDR notation as specified in RFC 4632.
For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
addresses.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"excluded_uris": {
Type: schema.TypeList,
Optional: true,
Description: `Contains the excluded URIs that apply to the host part of the name.
The value can be a hostname or a domain with a
leading period (like '.example.com')`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"permitted_dns_names": {
Type: schema.TypeList,
Optional: true,
Description: `Contains permitted DNS names. Any DNS name that can be
constructed by simply adding zero or more labels to
the left-hand side of the name satisfies the name constraint.
For example, 'example.com', 'www.example.com', 'www.sub.example.com'
would satisfy 'example.com' while 'example1.com' does not.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"permitted_email_addresses": {
Type: schema.TypeList,
Optional: true,
Description: `Contains the permitted email addresses. The value can be a particular
email address, a hostname to indicate all email addresses on that host or
a domain with a leading period (e.g. '.example.com') to indicate
all email addresses in that domain.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"permitted_ip_ranges": {
Type: schema.TypeList,
Optional: true,
Description: `Contains the permitted IP ranges. For IPv4 addresses, the ranges
are expressed using CIDR notation as specified in RFC 4632.
For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
addresses.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"permitted_uris": {
Type: schema.TypeList,
Optional: true,
Description: `Contains the permitted URIs that apply to the host part of the name.
The value can be a hostname or a domain with a
leading period (like '.example.com')`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
},
},
},
"policy_ids": {
Type: schema.TypeList,
Optional: true,
Description: `Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"object_id_path": {
Type: schema.TypeList,
Required: true,
Description: `An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.`,
Elem: &schema.Schema{
Type: schema.TypeInt,
},
},
},
},
},
},
},
},
"identity_constraints": {
Type: schema.TypeList,
Optional: true,
Description: `Describes constraints on identities that may appear in Certificates issued through this CaPool.
If this is omitted, then this CaPool will not add restrictions on a certificate's identity.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"allow_subject_alt_names_passthrough": {
Type: schema.TypeBool,
Required: true,
Description: `If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate.
Otherwise, the requested SubjectAltNames will be discarded.`,
},
"allow_subject_passthrough": {
Type: schema.TypeBool,
Required: true,
Description: `If this is set, the Subject field may be copied from a certificate request into the signed certificate.
Otherwise, the requested Subject will be discarded.`,
},
"cel_expression": {
Type: schema.TypeList,
Optional: true,
Description: `A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a
certificate is signed. To see the full allowed syntax and some examples,
see https://cloud.google.com/certificate-authority-service/docs/cel-guide`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"expression": {
Type: schema.TypeString,
Required: true,
Description: `Textual representation of an expression in Common Expression Language syntax.`,
},
"description": {
Type: schema.TypeString,
Optional: true,
Description: `Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.`,
},
"location": {
Type: schema.TypeString,
Optional: true,
Description: `String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.`,
},
"title": {
Type: schema.TypeString,
Optional: true,
Description: `Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.`,
},
},
},
},
},
},
},
"maximum_lifetime": {
Type: schema.TypeString,
Optional: true,
Description: `The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority
expires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it.`,
},
},
},
},
"labels": {
Type: schema.TypeMap,
Optional: true,
Description: `Labels with user-defined metadata.
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass":
"1.3kg", "count": "3" }.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field 'effective_labels' for all of the labels present on the resource.`,
Elem: &schema.Schema{Type: schema.TypeString},
},
"publishing_options": {
Type: schema.TypeList,
Optional: true,
DiffSuppressFunc: tpgresource.EmptyOrUnsetBlockDiffSuppress,
Description: `The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"publish_ca_cert": {
Type: schema.TypeBool,
Required: true,
Description: `When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access"
X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding
X.509 extension will not be written in issued certificates.`,
},
"publish_crl": {
Type: schema.TypeBool,
Required: true,
Description: `When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension
in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not
be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are
also rebuilt shortly after a certificate is revoked.`,
},
"encoding_format": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: verify.ValidateEnum([]string{"PEM", "DER", ""}),
Description: `Specifies the encoding format of each CertificateAuthority's CA
certificate and CRLs. If this is omitted, CA certificates and CRLs
will be published in PEM. Possible values: ["PEM", "DER"]`,
},
},
},
},
"effective_labels": {
Type: schema.TypeMap,
Computed: true,
Description: `All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.`,
Elem: &schema.Schema{Type: schema.TypeString},
},
"terraform_labels": {
Type: schema.TypeMap,
Computed: true,
Description: `The combination of labels configured directly on the resource
and default labels configured on the provider.`,
Elem: &schema.Schema{Type: schema.TypeString},
},
"project": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
},
},
UseJSONNumber: true,
}
}
func resourcePrivatecaCaPoolCreate(d *schema.ResourceData, meta interface{}) error {
config := meta.(*transport_tpg.Config)
userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
if err != nil {
return err
}
obj := make(map[string]interface{})
tierProp, err := expandPrivatecaCaPoolTier(d.Get("tier"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("tier"); !tpgresource.IsEmptyValue(reflect.ValueOf(tierProp)) && (ok || !reflect.DeepEqual(v, tierProp)) {
obj["tier"] = tierProp
}
issuancePolicyProp, err := expandPrivatecaCaPoolIssuancePolicy(d.Get("issuance_policy"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("issuance_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(issuancePolicyProp)) && (ok || !reflect.DeepEqual(v, issuancePolicyProp)) {
obj["issuancePolicy"] = issuancePolicyProp
}
publishingOptionsProp, err := expandPrivatecaCaPoolPublishingOptions(d.Get("publishing_options"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("publishing_options"); !tpgresource.IsEmptyValue(reflect.ValueOf(publishingOptionsProp)) && (ok || !reflect.DeepEqual(v, publishingOptionsProp)) {
obj["publishingOptions"] = publishingOptionsProp
}
labelsProp, err := expandPrivatecaCaPoolEffectiveLabels(d.Get("effective_labels"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("effective_labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(labelsProp)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
obj["labels"] = labelsProp
}
url, err := tpgresource.ReplaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools?caPoolId={{name}}")
if err != nil {
return err
}
log.Printf("[DEBUG] Creating new CaPool: %#v", obj)
billingProject := ""
project, err := tpgresource.GetProject(d, config)
if err != nil {
return fmt.Errorf("Error fetching project for CaPool: %s", err)
}
billingProject = project
// err == nil indicates that the billing_project value was found
if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
billingProject = bp
}
headers := make(http.Header)
res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
Config: config,
Method: "POST",
Project: billingProject,
RawURL: url,
UserAgent: userAgent,
Body: obj,
Timeout: d.Timeout(schema.TimeoutCreate),
Headers: headers,
})
if err != nil {
return fmt.Errorf("Error creating CaPool: %s", err)
}
// Store the ID now
id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/caPools/{{name}}")
if err != nil {
return fmt.Errorf("Error constructing id: %s", err)
}
d.SetId(id)
// Use the resource in the operation response to populate
// identity fields and d.Id() before read
var opRes map[string]interface{}
err = PrivatecaOperationWaitTimeWithResponse(
config, res, &opRes, project, "Creating CaPool", userAgent,
d.Timeout(schema.TimeoutCreate))
if err != nil {
// The resource didn't actually create
d.SetId("")
return fmt.Errorf("Error waiting to create CaPool: %s", err)
}
// This may have caused the ID to update - update it if so.
id, err = tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/caPools/{{name}}")
if err != nil {
return fmt.Errorf("Error constructing id: %s", err)
}
d.SetId(id)
log.Printf("[DEBUG] Finished creating CaPool %q: %#v", d.Id(), res)
return resourcePrivatecaCaPoolRead(d, meta)
}
func resourcePrivatecaCaPoolRead(d *schema.ResourceData, meta interface{}) error {
config := meta.(*transport_tpg.Config)
userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
if err != nil {
return err
}
url, err := tpgresource.ReplaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools/{{name}}")
if err != nil {
return err
}
billingProject := ""
project, err := tpgresource.GetProject(d, config)
if err != nil {
return fmt.Errorf("Error fetching project for CaPool: %s", err)
}
billingProject = project
// err == nil indicates that the billing_project value was found
if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
billingProject = bp
}
headers := make(http.Header)
res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
Config: config,
Method: "GET",
Project: billingProject,
RawURL: url,
UserAgent: userAgent,
Headers: headers,
})
if err != nil {
return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("PrivatecaCaPool %q", d.Id()))
}
if err := d.Set("project", project); err != nil {
return fmt.Errorf("Error reading CaPool: %s", err)
}
if err := d.Set("tier", flattenPrivatecaCaPoolTier(res["tier"], d, config)); err != nil {
return fmt.Errorf("Error reading CaPool: %s", err)
}
if err := d.Set("issuance_policy", flattenPrivatecaCaPoolIssuancePolicy(res["issuancePolicy"], d, config)); err != nil {
return fmt.Errorf("Error reading CaPool: %s", err)
}
if err := d.Set("publishing_options", flattenPrivatecaCaPoolPublishingOptions(res["publishingOptions"], d, config)); err != nil {
return fmt.Errorf("Error reading CaPool: %s", err)
}
if err := d.Set("labels", flattenPrivatecaCaPoolLabels(res["labels"], d, config)); err != nil {
return fmt.Errorf("Error reading CaPool: %s", err)
}
if err := d.Set("terraform_labels", flattenPrivatecaCaPoolTerraformLabels(res["labels"], d, config)); err != nil {
return fmt.Errorf("Error reading CaPool: %s", err)
}
if err := d.Set("effective_labels", flattenPrivatecaCaPoolEffectiveLabels(res["labels"], d, config)); err != nil {
return fmt.Errorf("Error reading CaPool: %s", err)
}
return nil
}
func resourcePrivatecaCaPoolUpdate(d *schema.ResourceData, meta interface{}) error {
config := meta.(*transport_tpg.Config)
userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
if err != nil {
return err
}
billingProject := ""
project, err := tpgresource.GetProject(d, config)
if err != nil {
return fmt.Errorf("Error fetching project for CaPool: %s", err)
}
billingProject = project
obj := make(map[string]interface{})
issuancePolicyProp, err := expandPrivatecaCaPoolIssuancePolicy(d.Get("issuance_policy"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("issuance_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, issuancePolicyProp)) {
obj["issuancePolicy"] = issuancePolicyProp
}
publishingOptionsProp, err := expandPrivatecaCaPoolPublishingOptions(d.Get("publishing_options"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("publishing_options"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, publishingOptionsProp)) {
obj["publishingOptions"] = publishingOptionsProp
}
labelsProp, err := expandPrivatecaCaPoolEffectiveLabels(d.Get("effective_labels"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("effective_labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
obj["labels"] = labelsProp
}
url, err := tpgresource.ReplaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools/{{name}}")
if err != nil {
return err
}
log.Printf("[DEBUG] Updating CaPool %q: %#v", d.Id(), obj)
headers := make(http.Header)
updateMask := []string{}
if d.HasChange("issuance_policy") {
updateMask = append(updateMask, "issuancePolicy")
}
if d.HasChange("publishing_options") {
updateMask = append(updateMask, "publishingOptions")
}
if d.HasChange("effective_labels") {
updateMask = append(updateMask, "labels")
}
// updateMask is a URL parameter but not present in the schema, so ReplaceVars
// won't set it
url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
if err != nil {
return err
}
// err == nil indicates that the billing_project value was found
if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
billingProject = bp
}
// if updateMask is empty we are not updating anything so skip the post
if len(updateMask) > 0 {
res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
Config: config,
Method: "PATCH",
Project: billingProject,
RawURL: url,
UserAgent: userAgent,
Body: obj,
Timeout: d.Timeout(schema.TimeoutUpdate),
Headers: headers,
})
if err != nil {
return fmt.Errorf("Error updating CaPool %q: %s", d.Id(), err)
} else {
log.Printf("[DEBUG] Finished updating CaPool %q: %#v", d.Id(), res)
}
err = PrivatecaOperationWaitTime(
config, res, project, "Updating CaPool", userAgent,
d.Timeout(schema.TimeoutUpdate))
if err != nil {
return err
}
}
return resourcePrivatecaCaPoolRead(d, meta)
}
func resourcePrivatecaCaPoolDelete(d *schema.ResourceData, meta interface{}) error {
config := meta.(*transport_tpg.Config)
userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
if err != nil {
return err
}
billingProject := ""
project, err := tpgresource.GetProject(d, config)
if err != nil {
return fmt.Errorf("Error fetching project for CaPool: %s", err)
}
billingProject = project
url, err := tpgresource.ReplaceVars(d, config, "{{PrivatecaBasePath}}projects/{{project}}/locations/{{location}}/caPools/{{name}}")
if err != nil {
return err
}
var obj map[string]interface{}
// err == nil indicates that the billing_project value was found
if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
billingProject = bp
}
headers := make(http.Header)
log.Printf("[DEBUG] Deleting CaPool %q", d.Id())
res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
Config: config,
Method: "DELETE",
Project: billingProject,
RawURL: url,
UserAgent: userAgent,
Body: obj,
Timeout: d.Timeout(schema.TimeoutDelete),
Headers: headers,
})
if err != nil {
return transport_tpg.HandleNotFoundError(err, d, "CaPool")
}
err = PrivatecaOperationWaitTime(
config, res, project, "Deleting CaPool", userAgent,
d.Timeout(schema.TimeoutDelete))
if err != nil {
return err
}
log.Printf("[DEBUG] Finished deleting CaPool %q: %#v", d.Id(), res)
return nil
}
func resourcePrivatecaCaPoolImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
config := meta.(*transport_tpg.Config)
if err := tpgresource.ParseImportId([]string{
"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/caPools/(?P<name>[^/]+)$",
"^(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<name>[^/]+)$",
"^(?P<location>[^/]+)/(?P<name>[^/]+)$",
}, d, config); err != nil {
return nil, err
}
// Replace import id for the resource id
id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/caPools/{{name}}")
if err != nil {
return nil, fmt.Errorf("Error constructing id: %s", err)
}
d.SetId(id)
return []*schema.ResourceData{d}, nil
}
func flattenPrivatecaCaPoolTier(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicy(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["allowed_key_types"] =
flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypes(original["allowedKeyTypes"], d, config)
transformed["maximum_lifetime"] =
flattenPrivatecaCaPoolIssuancePolicyMaximumLifetime(original["maximumLifetime"], d, config)
transformed["allowed_issuance_modes"] =
flattenPrivatecaCaPoolIssuancePolicyAllowedIssuanceModes(original["allowedIssuanceModes"], d, config)
transformed["identity_constraints"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraints(original["identityConstraints"], d, config)
transformed["baseline_values"] =
flattenPrivatecaCaPoolIssuancePolicyBaselineValues(original["baselineValues"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypes(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return v
}
l := v.([]interface{})
transformed := make([]interface{}, 0, len(l))
for _, raw := range l {
original := raw.(map[string]interface{})
if len(original) < 1 {
// Do not include empty json objects coming back from the api
continue
}
transformed = append(transformed, map[string]interface{}{
"rsa": flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsa(original["rsa"], d, config),
"elliptic_curve": flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurve(original["ellipticCurve"], d, config),
})
}
return transformed
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsa(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["min_modulus_size"] =
flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMinModulusSize(original["minModulusSize"], d, config)
transformed["max_modulus_size"] =
flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMaxModulusSize(original["maxModulusSize"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMinModulusSize(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMaxModulusSize(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurve(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["signature_algorithm"] =
flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurveSignatureAlgorithm(original["signatureAlgorithm"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurveSignatureAlgorithm(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyMaximumLifetime(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedIssuanceModes(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["allow_csr_based_issuance"] =
flattenPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowCsrBasedIssuance(original["allowCsrBasedIssuance"], d, config)
transformed["allow_config_based_issuance"] =
flattenPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowConfigBasedIssuance(original["allowConfigBasedIssuance"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowCsrBasedIssuance(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowConfigBasedIssuance(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraints(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["allow_subject_passthrough"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectPassthrough(original["allowSubjectPassthrough"], d, config)
transformed["allow_subject_alt_names_passthrough"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectAltNamesPassthrough(original["allowSubjectAltNamesPassthrough"], d, config)
transformed["cel_expression"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpression(original["celExpression"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectPassthrough(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectAltNamesPassthrough(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpression(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["expression"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionExpression(original["expression"], d, config)
transformed["title"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionTitle(original["title"], d, config)
transformed["description"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionDescription(original["description"], d, config)
transformed["location"] =
flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionLocation(original["location"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionExpression(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionTitle(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionDescription(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionLocation(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolIssuancePolicyBaselineValues(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
v = make(map[string]interface{})
}
original := v.(map[string]interface{})
transformed := make(map[string]interface{})
transformed["additional_extensions"] =
flattenPrivatecaCertificateConfigX509ConfigAdditionalExtensions(original["additionalExtensions"], d, config)
transformed["policy_ids"] =
flattenPrivatecaCertificateConfigX509ConfigPolicyIds(original["policyIds"], d, config)
transformed["aia_ocsp_servers"] = flattenPrivatecaCertificateConfigX509ConfigAiaOcspServers(original["aiaOcspServers"], d, config)
transformed["ca_options"] =
flattenPrivatecaCertificateConfigX509ConfigCaOptions(original["caOptions"], d, config)
transformed["key_usage"] =
flattenPrivatecaCertificateConfigX509ConfigKeyUsage(original["keyUsage"], d, config)
transformed["name_constraints"] =
flattenPrivatecaCertificateConfigX509ConfigNameConstraints(original["nameConstraints"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolPublishingOptions(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["publish_ca_cert"] =
flattenPrivatecaCaPoolPublishingOptionsPublishCaCert(original["publishCaCert"], d, config)
transformed["publish_crl"] =
flattenPrivatecaCaPoolPublishingOptionsPublishCrl(original["publishCrl"], d, config)
transformed["encoding_format"] =
flattenPrivatecaCaPoolPublishingOptionsEncodingFormat(original["encodingFormat"], d, config)
return []interface{}{transformed}
}
func flattenPrivatecaCaPoolPublishingOptionsPublishCaCert(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolPublishingOptionsPublishCrl(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolPublishingOptionsEncodingFormat(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func flattenPrivatecaCaPoolLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return v
}
transformed := make(map[string]interface{})
if l, ok := d.GetOkExists("labels"); ok {
for k := range l.(map[string]interface{}) {
transformed[k] = v.(map[string]interface{})[k]
}
}
return transformed
}
func flattenPrivatecaCaPoolTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return v
}
transformed := make(map[string]interface{})
if l, ok := d.GetOkExists("terraform_labels"); ok {
for k := range l.(map[string]interface{}) {
transformed[k] = v.(map[string]interface{})[k]
}
}
return transformed
}
func flattenPrivatecaCaPoolEffectiveLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
func expandPrivatecaCaPoolTier(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicy(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedAllowedKeyTypes, err := expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypes(original["allowed_key_types"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedAllowedKeyTypes); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["allowedKeyTypes"] = transformedAllowedKeyTypes
}
transformedMaximumLifetime, err := expandPrivatecaCaPoolIssuancePolicyMaximumLifetime(original["maximum_lifetime"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedMaximumLifetime); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["maximumLifetime"] = transformedMaximumLifetime
}
transformedAllowedIssuanceModes, err := expandPrivatecaCaPoolIssuancePolicyAllowedIssuanceModes(original["allowed_issuance_modes"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedAllowedIssuanceModes); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["allowedIssuanceModes"] = transformedAllowedIssuanceModes
}
transformedIdentityConstraints, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraints(original["identity_constraints"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedIdentityConstraints); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["identityConstraints"] = transformedIdentityConstraints
}
transformedBaselineValues, err := expandPrivatecaCaPoolIssuancePolicyBaselineValues(original["baseline_values"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedBaselineValues); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["baselineValues"] = transformedBaselineValues
}
return transformed, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypes(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
req := make([]interface{}, 0, len(l))
for _, raw := range l {
if raw == nil {
continue
}
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedRsa, err := expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsa(original["rsa"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedRsa); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["rsa"] = transformedRsa
}
transformedEllipticCurve, err := expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurve(original["elliptic_curve"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedEllipticCurve); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["ellipticCurve"] = transformedEllipticCurve
}
req = append(req, transformed)
}
return req, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsa(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedMinModulusSize, err := expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMinModulusSize(original["min_modulus_size"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedMinModulusSize); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["minModulusSize"] = transformedMinModulusSize
}
transformedMaxModulusSize, err := expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMaxModulusSize(original["max_modulus_size"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedMaxModulusSize); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["maxModulusSize"] = transformedMaxModulusSize
}
return transformed, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMinModulusSize(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesRsaMaxModulusSize(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurve(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedSignatureAlgorithm, err := expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurveSignatureAlgorithm(original["signature_algorithm"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedSignatureAlgorithm); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["signatureAlgorithm"] = transformedSignatureAlgorithm
}
return transformed, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedKeyTypesEllipticCurveSignatureAlgorithm(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyMaximumLifetime(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedIssuanceModes(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedAllowCsrBasedIssuance, err := expandPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowCsrBasedIssuance(original["allow_csr_based_issuance"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedAllowCsrBasedIssuance); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["allowCsrBasedIssuance"] = transformedAllowCsrBasedIssuance
}
transformedAllowConfigBasedIssuance, err := expandPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowConfigBasedIssuance(original["allow_config_based_issuance"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedAllowConfigBasedIssuance); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["allowConfigBasedIssuance"] = transformedAllowConfigBasedIssuance
}
return transformed, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowCsrBasedIssuance(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyAllowedIssuanceModesAllowConfigBasedIssuance(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraints(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedAllowSubjectPassthrough, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectPassthrough(original["allow_subject_passthrough"], d, config)
if err != nil {
return nil, err
} else {
transformed["allowSubjectPassthrough"] = transformedAllowSubjectPassthrough
}
transformedAllowSubjectAltNamesPassthrough, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectAltNamesPassthrough(original["allow_subject_alt_names_passthrough"], d, config)
if err != nil {
return nil, err
} else {
transformed["allowSubjectAltNamesPassthrough"] = transformedAllowSubjectAltNamesPassthrough
}
transformedCelExpression, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpression(original["cel_expression"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedCelExpression); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["celExpression"] = transformedCelExpression
}
return transformed, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectPassthrough(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsAllowSubjectAltNamesPassthrough(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpression(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedExpression, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionExpression(original["expression"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedExpression); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["expression"] = transformedExpression
}
transformedTitle, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionTitle(original["title"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedTitle); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["title"] = transformedTitle
}
transformedDescription, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionDescription(original["description"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedDescription); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["description"] = transformedDescription
}
transformedLocation, err := expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionLocation(original["location"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedLocation); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["location"] = transformedLocation
}
return transformed, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionExpression(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionTitle(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionDescription(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyIdentityConstraintsCelExpressionLocation(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolIssuancePolicyBaselineValues(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
if v == nil {
return v, nil
}
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
if len(original) == 0 {
return nil, nil
}
transformed := make(map[string]interface{})
caOptions, err := expandPrivatecaCertificateConfigX509ConfigCaOptions(original["ca_options"], d, config)
if err != nil {
return nil, err
}
transformed["caOptions"] = caOptions
keyUsage, err := expandPrivatecaCertificateConfigX509ConfigKeyUsage(original["key_usage"], d, config)
if err != nil {
return nil, err
}
transformed["keyUsage"] = keyUsage
policyIds, err := expandPrivatecaCertificateConfigX509ConfigPolicyIds(original["policy_ids"], d, config)
if err != nil {
return nil, err
}
transformed["policyIds"] = policyIds
aiaOcspServers, err := expandPrivatecaCertificateConfigX509ConfigAiaOcspServers(original["aia_ocsp_servers"], d, config)
if err != nil {
return nil, err
}
transformed["aiaOcspServers"] = aiaOcspServers
addExts, err := expandPrivatecaCertificateConfigX509ConfigAdditionalExtensions(original["additional_extensions"], d, config)
if err != nil {
return nil, err
}
transformed["additionalExtensions"] = addExts
nameConstraints, err := expandPrivatecaCertificateConfigX509ConfigNameConstraints(original["name_constraints"], d, config)
if err != nil {
return nil, err
}
transformed["nameConstraints"] = nameConstraints
return transformed, nil
}
func expandPrivatecaCaPoolPublishingOptions(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})
transformedPublishCaCert, err := expandPrivatecaCaPoolPublishingOptionsPublishCaCert(original["publish_ca_cert"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedPublishCaCert); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["publishCaCert"] = transformedPublishCaCert
}
transformedPublishCrl, err := expandPrivatecaCaPoolPublishingOptionsPublishCrl(original["publish_crl"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedPublishCrl); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["publishCrl"] = transformedPublishCrl
}
transformedEncodingFormat, err := expandPrivatecaCaPoolPublishingOptionsEncodingFormat(original["encoding_format"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedEncodingFormat); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["encodingFormat"] = transformedEncodingFormat
}
return transformed, nil
}
func expandPrivatecaCaPoolPublishingOptionsPublishCaCert(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolPublishingOptionsPublishCrl(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolPublishingOptionsEncodingFormat(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
func expandPrivatecaCaPoolEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
if v == nil {
return map[string]string{}, nil
}
m := make(map[string]string)
for k, val := range v.(map[string]interface{}) {
m[k] = val.(string)
}
return m, nil
}