Skip to content

Commit

Permalink
chore(waf): maintain waf certificate datasource and fix some problems
Browse files Browse the repository at this point in the history
  • Loading branch information
deer-hang committed Nov 4, 2024
1 parent 6e095ad commit d914ed0
Show file tree
Hide file tree
Showing 4 changed files with 201 additions and 128 deletions.
30 changes: 18 additions & 12 deletions docs/data-sources/waf_certificate.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,15 @@
subcategory: "Web Application Firewall (WAF)"
layout: "huaweicloud"
page_title: "HuaweiCloud: huaweicloud_waf_certificate"
description: ""
description: |
Use this data source to get the certificate of WAF within HuaweiCloud.
---

# huaweicloud_waf_certificate

Get the certificate in the WAF, including the one pushed from SCM.
Use this data source to get the certificate of WAF within HuaweiCloud.

-> When multiple pieces of data are queried, the datasource will process the first piece of data and put it back.

## Example Usage

Expand All @@ -24,24 +27,27 @@ data "huaweicloud_waf_certificate" "certificate_1" {

The following arguments are supported:

* `region` - (Optional, String) The region in which to obtain the WAF. If omitted, the provider-level region will be
used.
* `region` - (Optional, String) Specifies the region in which to obtain the WAF. If omitted, the provider-level region
will be used.

* `name` - (Required, String) The name of certificate. The value is case sensitive and supports fuzzy matching.
* `name` - (Optional, String) Specifies the name of certificate. The value is case-sensitive and supports fuzzy matching.

-> **NOTE:** The certificate name is not unique. Only returns the last created one when matched multiple certificates.
* `enterprise_project_id` - (Optional, String) Specifies the enterprise project ID of WAF certificate.
For enterprise users, if omitted, default enterprise project will be used.

* `expire_status` - (Optional, Int) The expire status of certificate. Defaults is `0`. The value can be:
+ `0`: not expire
+ `1`: has expired
+ `2`: wil expired soon
* `expiration_status` - (Optional, String) Specifies the certificate expiration status. The options are as follows:
+ `0`: Not expired;
+ `1`: Expired;
+ `2`: Expired soon (The certificate will expire in one month.)

* `enterprise_project_id` - (Optional, String) The enterprise project ID of WAF certificate.
-> If this field is not configured, all certificates that meet the expired status will be found.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The certificate ID in UUID format.

* `expiration` - Indicates the time when the certificate expires.
* `created_at` - Indicates the time when the certificate uploaded, in RFC3339 format.

* `expired_at` - Indicates the time when the certificate expires, in RFC3339 format.
2 changes: 1 addition & 1 deletion huaweicloud/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -1075,7 +1075,7 @@ func Provider() *schema.Provider {
"huaweicloud_vpn_user_groups": vpn.DataSourceVpnUserGroups(),

"huaweicloud_waf_address_groups": waf.DataSourceWafAddressGroups(),
"huaweicloud_waf_certificate": waf.DataSourceWafCertificateV1(),
"huaweicloud_waf_certificate": waf.DataSourceWafCertificate(),
"huaweicloud_waf_dedicated_domains": waf.DataSourceWafDedicatedDomains(),
"huaweicloud_waf_dedicated_instances": waf.DataSourceWafDedicatedInstancesV1(),
"huaweicloud_waf_domains": waf.DataSourceWafDomains(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,39 +5,18 @@ import (
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"

"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils/fmtp"
)

func TestAccDataSourceWafCertificateV1_basic(t *testing.T) {
name := acceptance.RandomAccResourceName()
dataSourceName := "data.huaweicloud_waf_certificate.cert_1"
// Before running the test case, please ensure that there is at least one WAF instance in the current region.
func TestAccDataSourceWafCertificate_basic(t *testing.T) {
var (
name = acceptance.RandomAccResourceName()

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
acceptance.TestAccPreCheck(t)
acceptance.TestAccPrecheckWafInstance(t)
},
ProviderFactories: acceptance.TestAccProviderFactories,
Steps: []resource.TestStep{
{
Config: testAccWafCertificateListV1_conf(name),
Check: resource.ComposeTestCheckFunc(
testAccCheckWafCertDataSourceID(dataSourceName),
resource.TestCheckResourceAttr(dataSourceName, "name", name),
resource.TestCheckResourceAttr(dataSourceName, "expire_status", "1"),
resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
),
},
},
})
}

func TestAccDataSourceWafCertificateV1_withEpsID(t *testing.T) {
name := acceptance.RandomAccResourceName()
dataSourceName := "data.huaweicloud_waf_certificate.cert_1"
datasourceName = "data.huaweicloud_waf_certificate.test"
dc = acceptance.InitDataSourceCheck(datasourceName)
)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
Expand All @@ -48,59 +27,93 @@ func TestAccDataSourceWafCertificateV1_withEpsID(t *testing.T) {
ProviderFactories: acceptance.TestAccProviderFactories,
Steps: []resource.TestStep{
{
Config: testAccWafCertificateListV1_conf_withEpsID(name, acceptance.HW_ENTERPRISE_PROJECT_ID_TEST),
Config: testAccWafCertificateList_basic(name),
Check: resource.ComposeTestCheckFunc(
testAccCheckWafCertDataSourceID(dataSourceName),
resource.TestCheckResourceAttr(dataSourceName, "enterprise_project_id", acceptance.HW_ENTERPRISE_PROJECT_ID_TEST),
resource.TestCheckResourceAttr(dataSourceName, "name", name),
resource.TestCheckResourceAttr(dataSourceName, "expire_status", "1"),
resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
dc.CheckResourceExists(),
resource.TestCheckResourceAttrSet(datasourceName, "name"),
resource.TestCheckResourceAttrSet(datasourceName, "enterprise_project_id"),
resource.TestCheckResourceAttrSet(datasourceName, "created_at"),
),
},
},
})
}

func testAccCheckWafCertDataSourceID(r string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[r]
if !ok {
return fmtp.Errorf("Can't find waf data source: %s ", r)
}
if rs.Primary.ID == "" {
return fmtp.Errorf("The Waf Certificate data source ID not set ")
}
return nil
}
}

func testAccWafCertificateListV1_conf(name string) string {
func testAccWafCertificateList_base(name string) string {
return fmt.Sprintf(`
%s
resource "huaweicloud_waf_certificate" "test" {
name = "%[1]s"
enterprise_project_id = "%[2]s"
data "huaweicloud_waf_certificate" "cert_1" {
name = huaweicloud_waf_certificate.certificate_1.name
expire_status = 1
certificate = <<EOT
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUehx07qc7un7IB7/X9lHCLkt/jPowDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA1MzEwOTI1NTJaFw0yMjA1
MzEwOTI1NTJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCvmuH5ViGtGOlevJ8vOoN3Ak4pp3SescdAfQa/r4cO
z/bmBqBcZJTX9HODhiQzdemyLLs9aOkQXYIc8OrcaIsjns92XITVDpFW0ThGyjhT
ZdELj9LsbIcVzNPPclTcebZBlzAyX0oLqpHK73OUYQY2E6l44U9G8Id763Bnws9N
Rn3cg0qufrlUgdim/pYZ8ubjvlDJ9eEIhcsu9zu8c8i2+8qLjEsonx5PrwzNlYP4
JqAmZ2dcbQeSPfv5U6ZceKEZfegK+Cxv4rFd5F4Rdxl+SAIY+6mr7qu1dAlcVMLS
QcLlJLRWQ5NmqL9xju7Fbj2VZt+L6nb512iKaedPo2GfAgMBAAGjUzBRMB0GA1Ud
DgQWBBR5yzB/GujpSlLrn0l2p+BslakGzjAfBgNVHSMEGDAWgBR5yzB/GujpSlLr
n0l2p+BslakGzjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCk
TqvcIk0Au/yOxOfIGUZzVkTiORxbwATAfRN6n/+mrgWnIbHG4XFqqjmFr7gGvHeH
+BuyU06VXJgKYaPUqbYl7eBd4Spm5v3Wq7C7i96dOHmG8fVcjQnTWleyEmUsEarv
A6/lhTqXV1+AuNUaH+9EbBUBsrCHGLkECBMKl0+cJN8lo5XncAtp7z1+O/Mn0Zi6
XyNOyvqcmmn8HUkSIS4RlJ2ohuZN6oFC3sYX9g9Vo++IkjGl3dRbf/7JutqBGHNE
RVKoPyaivymDDIIL/qSy/Pi2s0hzUhwc1M8td0K/AMxyeigwNG7mTH0RzX32bUkf
ZoURg5WiRskhtHEvBsLF
-----END CERTIFICATE-----
EOT
depends_on = [
huaweicloud_waf_certificate.certificate_1
]
private_key = <<EOT
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCvmuH5ViGtGOle
vJ8vOoN3Ak4pp3SescdAfQa/r4cOz/bmBqBcZJTX9HODhiQzdemyLLs9aOkQXYIc
8OrcaIsjns92XITVDpFW0ThGyjhTZdELj9LsbIcVzNPPclTcebZBlzAyX0oLqpHK
73OUYQY2E6l44U9G8Id763Bnws9NRn3cg0qufrlUgdim/pYZ8ubjvlDJ9eEIhcsu
9zu8c8i2+8qLjEsonx5PrwzNlYP3JqAmZ2dcbQeSPfv5U6ZceKEZfegK+Cxv4rFd
5F4Rdxl+SAIY+6mr7qu1dAlcVMLSQcLlJLRWQ5NmqL9xju7Fbj2VZt+L6nb512iK
aedPo2GfAgMBAAECggEAeMAvDS3uAEI2Dx/y8h3xUn9yUfBFH+6tTanrXxoK6+OT
Kj96O64qL4l3eQRflkdJiGx74FFomglCtDXxudflfXvxurkJ2hunUySQ5xScwLQt
mB6w8kP6a8IqD+bVdbn32ohk6u5dU0JZ+ErJlklVZRAGJAoCYox5DXwrEh6CP+bJ
pItgjv71tEEnX5sScQwV7FMRbjsPzXoJp8vCQjlUdetM1fk9rs3R2WSeFbPgLLtC
xY0+8Hexy0q6BLmyPZvFCaVIAzAHCYeCyzPK3xcm4odbrBmRL/amOg24CCny065N
MU9RFhEjQsY1RaK7dgkvjsntUZvU+aDcL8o6djOTuQKBgQDlDN/j2ntpGCtbTWH0
cVTW13Ze7U7iE3BfDO3m4VYP3Xi/v5FI8nHlmLrcl30H1dPKvMTec0dCBOqD1wzF
KiqHy8ELowO2CbXMYJpjuPzXH40/AE3eOJVTJM8mOeuFdeFgYCd/9cB7o5jfTA5Y
4zj8EmcRzsH1rNSnvo7/O9q6+wKBgQDERDSvP8RScEbzDKuN6uhzj1K2CAEnY6//
rDA1so18UhAie9NcAvlKa46jQTOcYD77g5h0WSlNt9ZbK9Plq9CY9psI0KNqN3Fl
YVKOKdD5m6Rifmg+lt8KLc/WocQ10DXpPTXzzuRlN/TaMDdN2pedEre/0AAMs8Ia
MIUnu4oyrQKBgQC6b6BNdqi9Ak9IIdR5g0XrGbXfzolGu0vcEkoSg5fpkfuXF/bJ
yY2rtIVkyGmc1w9tFfmol2yI8Ddy2LgsRAYaQl7/edCre3vev0LrqMck0ynE/hpj
purkojF6i+qI10p7h8ie/wmNmbv1BZMoBst7Yf9DH2gA8IynfRQn7DA9wQKBgGaU
M2kJDgX8UsjDbYKuLTIAzb0AMAIzUxBxIX1fRh2dEnvDdjOYBk1EK/fdoyjvENwJ
6ouc8j6BgBKEtKpMg6j+8wbHbTGdqrHPDQPqjSN4mpEz+i4EUqySRxep0tBBc3vl
FybHko3okhvbqXwSbL2Ww90HzI7XAPMJOv8KQO+9AoGBAJxxftNWvypBXGkPCdH2
f3ikvT2Vef9QZjqkvtipCecAkjM6ReLshVsdqFSv/ZmsVUeNKoTHvX2GnhweJM44
x7N2mFK4skBzVtMVbjAHVjG78UitVu+FrzqGreaJXHaduhgUH2iFWfw09joOotAM
X7ioLbTeWGBqFM+C80PkdBNp
-----END PRIVATE KEY-----
EOT
}
`, testAccWafCertificateV1_conf(name))
`, name, acceptance.HW_ENTERPRISE_PROJECT_ID_TEST)
}

func testAccWafCertificateListV1_conf_withEpsID(name, epsID string) string {
func testAccWafCertificateList_basic(name string) string {
return fmt.Sprintf(`
%s
%[1]s
data "huaweicloud_waf_certificate" "cert_1" {
name = huaweicloud_waf_certificate.certificate_1.name
enterprise_project_id = "%s"
expire_status = 1
data "huaweicloud_waf_certificate" "test" {
name = huaweicloud_waf_certificate.test.name
enterprise_project_id = "%[2]s"
depends_on = [
huaweicloud_waf_certificate.certificate_1
huaweicloud_waf_certificate.test
]
}
`, testAccWafCertificateV1_conf_withEpsID(name, epsID), epsID)
`, testAccWafCertificateList_base(name), acceptance.HW_ENTERPRISE_PROJECT_ID_TEST)
}
Loading

0 comments on commit d914ed0

Please sign in to comment.