Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add logic to renew the origin_ca_certificate when expires #2048

Merged
merged 11 commits into from Nov 28, 2022
Merged

Add logic to renew the origin_ca_certificate when expires #2048

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
b635fe4
First version
Nov 22, 2022
03e6618
Renaming changelog
Nov 22, 2022
0b0f945
Merge branch 'master' into cert-renewal
peruzzof Nov 23, 2022
b368a6f
Fixing lint issues
Nov 23, 2022
9bfe4ab
Fix error handling
Nov 23, 2022
4cb4972
Ling issues in schema file
Nov 23, 2022
3098416
Change how to format error
Nov 23, 2022
dd2ffb2
Simplified the code
Nov 23, 2022
27818d4
Merge branch 'master' into cert-renewal
Nov 25, 2022
1ac0daf
Restoring UpdateContext
Nov 25, 2022
b3526c8
`make docs`
jacobbednarz Nov 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/2048.txt
View file
Open in desktop
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/cloudflare_origin_ca_certificate: add logic to renew certificate and add a new flag to set if we should renew earlier
```
3 changes: 2 additions & 1 deletion docs/resources/origin_ca_certificate.md
View file
Open in desktop
Expand Up @@ -48,7 +48,8 @@ resource "cloudflare_origin_ca_certificate" "example" {

### Optional

- `csr` (String) The Certificate Signing Request. Must be newline-encoded.
- `csr` (String) The Certificate Signing Request. Must be newline-encoded. **Modifying this attribute will force creation of a new resource.**
- `min_days_for_renewal` (Number) Number of days prior to the expiry to trigger a renewal of the certificate if a Terraform operation is run.
- `requested_validity` (Number) The number of days for which the certificate should be valid. Available values: `7`, `30`, `90`, `365`, `730`, `1095`, `5475`. **Modifying this attribute will force creation of a new resource.**

### Read-Only
Expand Down
5 changes: 5 additions & 0 deletions internal/provider/provider_test.go
View file
Open in desktop
Expand Up @@ -125,6 +125,11 @@ func testAccPreCheckApiUserServiceKey(t *testing.T) {
if v := os.Getenv("CLOUDFLARE_API_USER_SERVICE_KEY"); v == "" {
t.Fatal("CLOUDFLARE_API_USER_SERVICE_KEY must be set for acceptance tests")
}

err := testAccProvider.Configure(context.Background(), terraform.NewResourceConfigRaw(nil))
if err != nil {
t.Fatal(err)
}
}

func testAccPreCheckDomain(t *testing.T) {
Expand Down
29 changes: 29 additions & 0 deletions internal/provider/resource_cloudflare_origin_ca_certificate.go
View file
Open in desktop
Expand Up @@ -12,6 +12,7 @@ import (
cloudflare "github.com/cloudflare/cloudflare-go"
"github.com/hashicorp/terraform-plugin-log/tflog"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)

Expand All @@ -20,14 +21,42 @@ func resourceCloudflareOriginCACertificate() *schema.Resource {
Schema: resourceCloudflareOriginCACertificateSchema(),
CreateContext: resourceCloudflareOriginCACertificateCreate,
ReadContext: resourceCloudflareOriginCACertificateRead,
UpdateContext: resourceCloudflareOriginCACertificateRead,
DeleteContext: resourceCloudflareOriginCACertificateDelete,
Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
},
CustomizeDiff: customdiff.Sequence(
customdiff.ForceNewIf("expires_on", mustRenew),
),
Description: "Provides a Cloudflare Origin CA certificate used to protect traffic to your origin without involving a third party Certificate Authority.",
}
}

func mustRenew(ctx context.Context, d *schema.ResourceDiff, meta interface{}) bool {
// Check when the cert will expire
expiresonRaw := d.Get("expires_on")
if (expiresonRaw == nil) || (expiresonRaw == "") {
return false
}
expireson, _ := time.Parse(time.RFC3339, expiresonRaw.(string))

// Calculate when we should renew
earlyExpiration := expireson.AddDate(0, 0, -1*d.Get("min_days_for_renewal").(int))

if time.Now().After(earlyExpiration) {
tflog.Info(ctx, fmt.Sprintf("We will renew the certificate as we passed the expected date (%s)", earlyExpiration))
err := d.SetNewComputed("expires_on")
if err != nil {
tflog.Warn(ctx, fmt.Sprintf("error setting to renew the certificate: %s", err))
return false
}
return true
}

return false
}

func resourceCloudflareOriginCACertificateCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
client := meta.(*cloudflare.API)

Expand Down
1 change: 0 additions & 1 deletion internal/provider/resource_cloudflare_origin_ca_certificate_test.go
View file
Open in desktop
Expand Up @@ -33,7 +33,6 @@ func TestAccCloudflareOriginCACertificate_Basic(t *testing.T) {

resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
testAccPreCheckApiUserServiceKey(t)
},
ProviderFactories: providerFactories,
Expand Down
5 changes: 5 additions & 0 deletions internal/provider/schema_cloudflare_origin_ca_certificate.go
View file
Open in desktop
Expand Up @@ -50,5 +50,10 @@ func resourceCloudflareOriginCACertificateSchema() map[string]*schema.Schema {
ValidateFunc: validation.IntInSlice([]int{7, 30, 90, 365, 730, 1095, 5475}),
Description: fmt.Sprintf("The number of days for which the certificate should be valid. %s", renderAvailableDocumentationValuesIntSlice([]int{7, 30, 90, 365, 730, 1095, 5475})),
},
"min_days_for_renewal": {
Type: schema.TypeInt,
Optional: true,
Description: "Number of days prior to the expiry to trigger a renewal of the certificate if a Terraform operation is run.",
},
}
}