Service Fabric server certificate common names (#3652)

hashicorp · Jun 20, 2019 · d83b914 · d83b914
1 parent 1c39bbf
commit d83b914
Show file tree

Hide file tree

Showing 3 changed files with 604 additions and 127 deletions.
diff --git a/azurerm/resource_arm_service_fabric_cluster.go b/azurerm/resource_arm_service_fabric_cluster.go
@@ -107,9 +107,10 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 			},
 
 			"certificate": {
-				Type:     schema.TypeList,
-				Optional: true,
-				MaxItems: 1,
+				Type:          schema.TypeList,
+				Optional:      true,
+				MaxItems:      1,
+				ConflictsWith: []string{"certificate_common_names"},
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"thumbprint": {
@@ -128,6 +129,41 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 				},
 			},
 
+			"certificate_common_names": {
+				Type:          schema.TypeList,
+				Optional:      true,
+				MaxItems:      1,
+				ConflictsWith: []string{"certificate"},
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"common_names": {
+							Type:     schema.TypeSet,
+							Required: true,
+							MinItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"certificate_common_name": {
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: validate.NoEmptyStrings,
+									},
+									"certificate_issuer_thumbprint": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: validate.NoEmptyStrings,
+									},
+								},
+							},
+						},
+						"x509_store_name": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validate.NoEmptyStrings,
+						},
+					},
+				},
+			},
+
 			"reverse_proxy_certificate": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -171,34 +207,28 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 			"diagnostics_config": {
 				Type:     schema.TypeList,
 				Optional: true,
-				ForceNew: true,
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"storage_account_name": {
 							Type:     schema.TypeString,
 							Required: true,
-							ForceNew: true,
 						},
 						"protected_account_key_name": {
 							Type:     schema.TypeString,
 							Required: true,
-							ForceNew: true,
 						},
 						"blob_endpoint": {
 							Type:     schema.TypeString,
 							Required: true,
-							ForceNew: true,
 						},
 						"queue_endpoint": {
 							Type:     schema.TypeString,
 							Required: true,
-							ForceNew: true,
 						},
 						"table_endpoint": {
 							Type:     schema.TypeString,
 							Required: true,
-							ForceNew: true,
 						},
 					},
 				},
@@ -229,7 +259,6 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 						"name": {
 							Type:     schema.TypeString,
 							Required: true,
-							ForceNew: true,
 						},
 						"placement_properties": {
 							Type:     schema.TypeMap,
@@ -246,17 +275,14 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 						"is_primary": {
 							Type:     schema.TypeBool,
 							Required: true,
-							ForceNew: true,
 						},
 						"client_endpoint_port": {
 							Type:     schema.TypeInt,
 							Required: true,
-							ForceNew: true,
 						},
 						"http_endpoint_port": {
 							Type:     schema.TypeInt,
 							Required: true,
-							ForceNew: true,
 						},
 						"reverse_proxy_endpoint_port": {
 							Type:         schema.TypeInt,
@@ -267,7 +293,6 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 							Type:     schema.TypeString,
 							Optional: true,
 							Default:  string(servicefabric.Bronze),
-							ForceNew: true,
 							ValidateFunc: validation.StringInSlice([]string{
 								string(servicefabric.Bronze),
 								string(servicefabric.Gold),
@@ -278,20 +303,17 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 						"application_ports": {
 							Type:     schema.TypeList,
 							Optional: true,
-							ForceNew: true,
 							Computed: true,
 							MaxItems: 1,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"start_port": {
 										Type:     schema.TypeInt,
 										Required: true,
-										ForceNew: true,
 									},
 									"end_port": {
 										Type:     schema.TypeInt,
 										Required: true,
-										ForceNew: true,
 									},
 								},
 							},
@@ -300,20 +322,17 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 						"ephemeral_ports": {
 							Type:     schema.TypeList,
 							Optional: true,
-							ForceNew: true,
 							Computed: true,
 							MaxItems: 1,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"start_port": {
 										Type:     schema.TypeInt,
 										Required: true,
-										ForceNew: true,
 									},
 									"end_port": {
 										Type:     schema.TypeInt,
 										Required: true,
-										ForceNew: true,
 									},
 								},
 							},
@@ -367,9 +386,6 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
 	azureActiveDirectoryRaw := d.Get("azure_active_directory").([]interface{})
 	azureActiveDirectory := expandServiceFabricClusterAzureActiveDirectory(azureActiveDirectoryRaw)
 
-	certificateRaw := d.Get("certificate").([]interface{})
-	certificate := expandServiceFabricClusterCertificate(certificateRaw)
-
 	reverseProxyCertificateRaw := d.Get("reverse_proxy_certificate").([]interface{})
 	reverseProxyCertificate := expandServiceFabricClusterReverseProxyCertificate(reverseProxyCertificateRaw)
 
@@ -391,7 +407,7 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
 		ClusterProperties: &servicefabric.ClusterProperties{
 			AddOnFeatures:                   addOnFeatures,
 			AzureActiveDirectory:            azureActiveDirectory,
-			Certificate:                     certificate,
+			CertificateCommonNames:          expandServiceFabricClusterCertificateCommonNames(d),
 			ReverseProxyCertificate:         reverseProxyCertificate,
 			ClientCertificateThumbprints:    clientCertificateThumbprints,
 			DiagnosticsStorageAccountConfig: diagnostics,
@@ -404,6 +420,11 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
 		},
 	}
 
+	if certificateRaw, ok := d.GetOk("certificate"); ok {
+		certificate := expandServiceFabricClusterCertificate(certificateRaw.([]interface{}))
+		cluster.ClusterProperties.Certificate = certificate
+	}
+
 	if clusterCodeVersion != "" {
 		cluster.ClusterProperties.ClusterCodeVersion = utils.String(clusterCodeVersion)
 	}
@@ -482,6 +503,11 @@ func resourceArmServiceFabricClusterRead(d *schema.ResourceData, meta interface{
 			return fmt.Errorf("Error setting `certificate`: %+v", err)
 		}
 
+		certificateCommonNames := flattenServiceFabricClusterCertificateCommonNames(props.CertificateCommonNames)
+		if err := d.Set("certificate_common_names", certificateCommonNames); err != nil {
+			return fmt.Errorf("Error setting `certificate_common_names`: %+v", err)
+		}
+
 		reverseProxyCertificate := flattenServiceFabricClusterReverseProxyCertificate(props.ReverseProxyCertificate)
 		if err := d.Set("reverse_proxy_certificate", reverseProxyCertificate); err != nil {
 			return fmt.Errorf("Error setting `reverse_proxy_certificate`: %+v", err)
@@ -644,6 +670,70 @@ func flattenServiceFabricClusterCertificate(input *servicefabric.CertificateDesc
 	return results
 }
 
+func expandServiceFabricClusterCertificateCommonNames(d *schema.ResourceData) *servicefabric.ServerCertificateCommonNames {
+	i := d.Get("certificate_common_names").([]interface{})
+	if len(i) <= 0 || i[0] == nil {
+		return nil
+	}
+	input := i[0].(map[string]interface{})
+
+	commonNamesRaw := input["common_names"].(*schema.Set).List()
+	commonNames := make([]servicefabric.ServerCertificateCommonName, 0)
+
+	for _, commonName := range commonNamesRaw {
+		commonNameDetails := commonName.(map[string]interface{})
+		certificateCommonName := commonNameDetails["certificate_common_name"].(string)
+		certificateIssuerThumbprint := commonNameDetails["certificate_issuer_thumbprint"].(string)
+
+		commonName := servicefabric.ServerCertificateCommonName{
+			CertificateCommonName:       &certificateCommonName,
+			CertificateIssuerThumbprint: &certificateIssuerThumbprint,
+		}
+
+		commonNames = append(commonNames, commonName)
+	}
+
+	x509StoreName := input["x509_store_name"].(string)
+
+	output := servicefabric.ServerCertificateCommonNames{
+		CommonNames:   &commonNames,
+		X509StoreName: servicefabric.X509StoreName1(x509StoreName),
+	}
+
+	return &output
+}
+
+func flattenServiceFabricClusterCertificateCommonNames(in *servicefabric.ServerCertificateCommonNames) []interface{} {
+	if in == nil {
+		return []interface{}{}
+	}
+
+	output := make(map[string]interface{})
+
+	if commonNames := in.CommonNames; commonNames != nil {
+		common_names := make([]map[string]interface{}, 0)
+		for _, i := range *commonNames {
+			commonName := make(map[string]interface{})
+
+			if i.CertificateCommonName != nil {
+				commonName["certificate_common_name"] = *i.CertificateCommonName
+			}
+
+			if i.CertificateIssuerThumbprint != nil {
+				commonName["certificate_issuer_thumbprint"] = *i.CertificateIssuerThumbprint
+			}
+
+			common_names = append(common_names, commonName)
+		}
+
+		output["common_names"] = common_names
+	}
+
+	output["x509_store_name"] = string(in.X509StoreName)
+
+	return []interface{}{output}
+}
+
 func expandServiceFabricClusterReverseProxyCertificate(input []interface{}) *servicefabric.CertificateDescription {
 	if len(input) == 0 {
 		return nil