-
Notifications
You must be signed in to change notification settings - Fork 645
/
data_source_ibm_kms_kmip_client_certificate.go
132 lines (117 loc) · 3.85 KB
/
data_source_ibm_kms_kmip_client_certificate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
// Copyright IBM Corp. 2017, 2021 All Rights Reserved.
// Licensed under the Mozilla Public License v2.0
package kms
import (
"context"
"fmt"
"github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
func dataSourceIBMKmsKMIPClientCertificateBaseSchema() map[string]*schema.Schema {
return map[string]*schema.Schema{
"cert_id": {
Type: schema.TypeString,
Computed: true,
Description: "The id of the KMIP Client Certificate to be fetched",
},
"name": {
Type: schema.TypeString,
Computed: true,
Description: "The name of the KMIP Client Certificate to be fetched",
},
"certificate": {
Type: schema.TypeString,
Computed: true,
Sensitive: true,
Description: "The PEM-encoded contents of the certificate",
},
"created_by": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The unique identifier that is associated with the entity that created the adapter.",
},
"created_at": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The date when a resource was created. The date format follows RFC 3339.",
},
}
}
func DataSourceIBMKmsKMIPClientCertificate() *schema.Resource {
baseMap := dataSourceIBMKmsKMIPClientCertificateBaseSchema()
baseMap["endpoint_type"] = &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
ValidateFunc: validate.ValidateAllowedStringValues([]string{"public", "private"}),
Description: "public or private",
}
baseMap["instance_id"] = &schema.Schema{
Type: schema.TypeString,
Required: true,
Description: "Key protect Instance GUID",
ForceNew: true,
DiffSuppressFunc: suppressKMSInstanceIDDiff,
}
baseMap["adapter_id"] = &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
Description: "The id of the KMIP adapter that contains the cert",
ForceNew: true,
ExactlyOneOf: []string{"adapter_id", "adapter_name"},
}
baseMap["adapter_name"] = &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
Description: "The name of the KMIP adapter that contains the cert",
ForceNew: true,
ExactlyOneOf: []string{"adapter_id", "adapter_name"},
}
baseMap["cert_id"].Optional = true
baseMap["cert_id"].ExactlyOneOf = []string{"cert_id", "name"}
baseMap["name"].Optional = true
baseMap["name"].ExactlyOneOf = []string{"cert_id", "name"}
return &schema.Resource{
Read: dataSourceIBMKmsKMIPClientCertRead,
Importer: &schema.ResourceImporter{},
Schema: baseMap,
}
}
func dataSourceIBMKmsKMIPClientCertRead(d *schema.ResourceData, meta interface{}) error {
// initialize API
instanceID := getInstanceIDFromResourceData(d, "instance_id")
kpAPI, _, err := populateKPClient(d, meta, instanceID)
if err != nil {
return err
}
// get adapterID and certID
nameOrID, hasID := d.GetOk("adapter_id")
if !hasID {
nameOrID, hasID = d.GetOk("adapter_name")
}
adapterNameOrID := nameOrID.(string)
nameOrID, hasID = d.GetOk("cert_id")
if !hasID {
nameOrID = d.Get("name")
}
certNameOrID := nameOrID.(string)
ctx := context.Background()
adapter, err := kpAPI.GetKMIPAdapter(ctx, adapterNameOrID)
if err != nil {
return fmt.Errorf("[ERROR] Error while retriving KMIP adapter to get certificate: %s", err)
}
if err = d.Set("adapter_id", adapter.ID); err != nil {
return fmt.Errorf("[ERROR] Error setting adapter_id: %s", err)
}
if err = d.Set("adapter_name", adapter.Name); err != nil {
return fmt.Errorf("[ERROR] Error setting adapter_name: %s", err)
}
cert, err := kpAPI.GetKMIPClientCertificate(ctx, adapterNameOrID, certNameOrID)
if err != nil {
return err
}
populateKMIPClientCertSchemaDataFromStruct(d, *cert, adapter.ID, instanceID)
return nil
}