resource_tc_clb_replace_cert_for_lbs.go
package clb
import (
"log"
tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
clb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317"
"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
)
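// ResourceTencentCloudClbReplaceCertForLbs returns the schema and handlers for
// the tencentcloud_clb_replace_cert_for_lbs resource.
//
// Every attribute is ForceNew and no Update handler is registered, so any
// change to the configuration re-runs the Create handler.
//
// certificate.cert_key carries the private key of an uploaded server
// certificate and is therefore marked Sensitive so that Terraform masks it in
// plan/apply output. Sensitive does not encrypt the value: it is still written
// to the state file in plaintext, so the state backend must be access-controlled
// and encrypted at rest. Referencing an already uploaded certificate through
// cert_id avoids placing key material in configuration and state at all.
func ResourceTencentCloudClbReplaceCertForLbs() *schema.Resource {
	return &schema.Resource{
		Create: resourceTencentCloudClbReplaceCertForLbsCreate,
		Read:   resourceTencentCloudClbReplaceCertForLbsRead,
		Delete: resourceTencentCloudClbReplaceCertForLbsDelete,
		Schema: map[string]*schema.Schema{
			"old_certificate_id": {
				Required:    true,
				ForceNew:    true,
				Type:        schema.TypeString,
				Description: "ID of the certificate to be replaced, which can be a server certificate or a client certificate.",
			},
			"certificate": {
				Required:    true,
				ForceNew:    true,
				Type:        schema.TypeList,
				MaxItems:    1,
				Description: "Information such as the content of the new certificate.",
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"ssl_mode": {
							Type:        schema.TypeString,
							Optional:    true,
							Description: "Authentication type. Value range: UNIDIRECTIONAL (unidirectional authentication), MUTUAL (mutual authentication).",
						},
						"cert_id": {
							Type:        schema.TypeString,
							Optional:    true,
							Description: "ID of a server certificate. If you leave this parameter empty, you must upload the certificate, including CertContent, CertKey, and CertName.",
						},
						"cert_ca_id": {
							Type:        schema.TypeString,
							Optional:    true,
							Description: "ID of a client certificate. When the listener adopts mutual authentication (i.e., SSLMode = mutual), if you leave this parameter empty, you must upload the client certificate, including CertCaContent and CertCaName.",
						},
						"cert_name": {
							Type:        schema.TypeString,
							Optional:    true,
							Description: "Name of the uploaded server certificate. If there is no CertId, this parameter is required.",
						},
						"cert_key": {
							Type:     schema.TypeString,
							Optional: true,
							// Private key material: keep it out of plan/apply
							// output and CLI diffs.
							Sensitive:   true,
							Description: "Key of the uploaded server certificate. If there is no CertId, this parameter is required.",
						},
						"cert_content": {
							Type:        schema.TypeString,
							Optional:    true,
							Description: "Content of the uploaded server certificate. If there is no CertId, this parameter is required.",
						},
						"cert_ca_name": {
							Type:        schema.TypeString,
							Optional:    true,
							Description: "Name of the uploaded client CA certificate. When SSLMode = mutual, if there is no CertCaId, this parameter is required.",
						},
						"cert_ca_content": {
							Type:        schema.TypeString,
							Optional:    true,
							Description: "Content of the uploaded client certificate. When SSLMode = mutual, if there is no CertCaId, this parameter is required.",
						},
					},
				},
			},
		},
	}
}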
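// resourceTencentCloudClbReplaceCertForLbsCreate builds a
// ReplaceCertForLoadBalancers request from the resource data, sends it inside
// resource.Retry bounded by tccommon.WriteRetryTimeout, and on success stores
// old_certificate_id as the resource ID before delegating to the Read handler.
//
// The request may carry an uploaded private key (certificate.cert_key). The
// success log therefore prints a copy of the request with that field masked
// instead of the raw request body, so key material does not end up in provider
// debug logs.
//
// It returns the error from the retried API call, or the result of the Read
// handler.
func resourceTencentCloudClbReplaceCertForLbsCreate(d *schema.ResourceData, meta interface{}) error {
	defer tccommon.LogElapsed("resource.tencentcloud_clb_replace_cert_for_lbs.create")()
	defer tccommon.InconsistentCheck(d, meta)()

	logId := tccommon.GetLogId(tccommon.ContextNil)

	var (
		request          = clb.NewReplaceCertForLoadBalancersRequest()
		oldCertificateId string
	)

	if v, ok := d.GetOk("old_certificate_id"); ok {
		oldCertificateId = v.(string)
		request.OldCertificateId = helper.String(v.(string))
	}

	if dMap, ok := helper.InterfacesHeadMap(d, "certificate"); ok {
		certificateInput := clb.CertificateInput{}
		if v, ok := dMap["ssl_mode"]; ok {
			certificateInput.SSLMode = helper.String(v.(string))
		}
		if v, ok := dMap["cert_id"]; ok {
			certificateInput.CertId = helper.String(v.(string))
		}
		if v, ok := dMap["cert_ca_id"]; ok {
			certificateInput.CertCaId = helper.String(v.(string))
		}
		if v, ok := dMap["cert_name"]; ok {
			certificateInput.CertName = helper.String(v.(string))
		}
		if v, ok := dMap["cert_key"]; ok {
			certificateInput.CertKey = helper.String(v.(string))
		}
		if v, ok := dMap["cert_content"]; ok {
			certificateInput.CertContent = helper.String(v.(string))
		}
		if v, ok := dMap["cert_ca_name"]; ok {
			certificateInput.CertCaName = helper.String(v.(string))
		}
		if v, ok := dMap["cert_ca_content"]; ok {
			certificateInput.CertCaContent = helper.String(v.(string))
		}
		request.Certificate = &certificateInput
	}

	err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
		result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseClbClient().ReplaceCertForLoadBalancers(request)
		if e != nil {
			return tccommon.RetryError(e)
		}

		// Log a shallow copy with the private key masked. The copy leaves the
		// request that was actually sent untouched.
		logged := *request
		if logged.Certificate != nil && logged.Certificate.CertKey != nil {
			masked := *logged.Certificate
			masked.CertKey = helper.String("<redacted>")
			logged.Certificate = &masked
		}
		log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), logged.ToJsonString(), result.ToJsonString())
		return nil
	})
	if err != nil {
		log.Printf("[CRITAL]%s operate clb replaceCertForLbs failed, reason:%+v", logId, err)
		return err
	}

	// The resource has no server-side object of its own; the replaced
	// certificate's ID doubles as the Terraform resource ID.
	d.SetId(oldCertificateId)

	return resourceTencentCloudClbReplaceCertForLbsRead(d, meta)
}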
// resourceTencentCloudClbReplaceCertForLbsRead is the Read handler for the
// resource. It makes no API call and always returns nil, so a refresh leaves
// the stored attributes exactly as Create wrote them; a certificate that is
// later changed outside Terraform is not detected as drift by this resource.
func resourceTencentCloudClbReplaceCertForLbsRead(d *schema.ResourceData, meta interface{}) error {
	// Both helpers are invoked on entry and return the function that runs on exit.
	logDone := tccommon.LogElapsed("resource.tencentcloud_clb_replace_cert_for_lbs.read")
	defer logDone()

	checkDone := tccommon.InconsistentCheck(d, meta)
	defer checkDone()

	return nil
}
// resourceTencentCloudClbReplaceCertForLbsDelete is the Delete handler for the
// resource. It makes no API call and always returns nil: destroying the
// resource only drops it from Terraform state and does not restore the old
// certificate on any load balancer.
func resourceTencentCloudClbReplaceCertForLbsDelete(d *schema.ResourceData, meta interface{}) error {
	// Both helpers are invoked on entry and return the function that runs on exit.
	logDone := tccommon.LogElapsed("resource.tencentcloud_clb_replace_cert_for_lbs.delete")
	defer logDone()

	checkDone := tccommon.InconsistentCheck(d, meta)
	defer checkDone()

	return nil
}