Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(waf): modify some issues with the waf certificate resource and datasource #5808

Merged
merged 2 commits into from
Nov 5, 2024
Merged

chore(waf): modify some issues with the waf certificate resource and datasource #5808

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ee0dfab
chore(waf): maintain waf certificate datasource and fix some problems
deer-hang Nov 4, 2024
9103b75
chore(waf): maintain waf certificate resource and fix some problems
deer-hang Nov 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 18 additions & 12 deletions docs/data-sources/waf_certificate.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,15 @@
subcategory: "Web Application Firewall (WAF)"
layout: "huaweicloud"
page_title: "HuaweiCloud: huaweicloud_waf_certificate"
description: ""
description: |
Use this data source to get the certificate of WAF within HuaweiCloud.
---

# huaweicloud_waf_certificate

Get the certificate in the WAF, including the one pushed from SCM.
Use this data source to get the certificate of WAF within HuaweiCloud.

-> When multiple pieces of data are queried, the datasource will process the first piece of data and put it back.

## Example Usage

Expand All @@ -24,24 +27,27 @@ data "huaweicloud_waf_certificate" "certificate_1" {

The following arguments are supported:

* `region` - (Optional, String) The region in which to obtain the WAF. If omitted, the provider-level region will be
used.
* `region` - (Optional, String) Specifies the region in which to obtain the WAF. If omitted, the provider-level region
will be used.

* `name` - (Required, String) The name of certificate. The value is case sensitive and supports fuzzy matching.
* `name` - (Optional, String) Specifies the name of certificate. The value is case-sensitive and supports fuzzy matching.

-> **NOTE:** The certificate name is not unique. Only returns the last created one when matched multiple certificates.
* `enterprise_project_id` - (Optional, String) Specifies the enterprise project ID of WAF certificate.
For enterprise users, if omitted, default enterprise project will be used.

* `expire_status` - (Optional, Int) The expire status of certificate. Defaults is `0`. The value can be:
+ `0`: not expire
+ `1`: has expired
+ `2`: wil expired soon
* `expiration_status` - (Optional, String) Specifies the certificate expiration status. The options are as follows:
+ `0`: Not expired;
+ `1`: Expired;
+ `2`: Expired soon (The certificate will expire in one month.)

* `enterprise_project_id` - (Optional, String) The enterprise project ID of WAF certificate.
-> If this field is not configured, all certificates that meet the expired status will be found.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The certificate ID in UUID format.

* `expiration` - Indicates the time when the certificate expires.
* `created_at` - Indicates the time when the certificate uploaded, in RFC3339 format.

* `expired_at` - Indicates the time when the certificate expires, in RFC3339 format.
18 changes: 11 additions & 7 deletions docs/resources/waf_certificate.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,24 @@
subcategory: "Web Application Firewall (WAF)"
layout: "huaweicloud"
page_title: "HuaweiCloud: huaweicloud_waf_certificate"
description: ""
description: |
Manages a WAF certificate resource within HuaweiCloud.
---

# huaweicloud_waf_certificate

Manages a WAF certificate resource within HuaweiCloud.

-> **NOTE:** All WAF resources depend on WAF instances, and the WAF instances need to be purchased before they can be
used. The certificate resource can be used in Cloud Mode, Dedicated Mode and ELB Mode.
used. The certificate resource can be used in Cloud Mode, Dedicated Mode.

## Example Usage

```hcl
variable enterprise_project_id {}

resource "huaweicloud_waf_certificate" "certificate_1" {
name = "cert_1"
resource "huaweicloud_waf_certificate" "test" {
name = "test-name"
enterprise_project_id = var.enterprise_project_id
certificate = <<EOT
-----BEGIN CERTIFICATE-----
Expand All @@ -44,7 +45,7 @@ EOT

The following arguments are supported:

* `region` - (Optional, String, ForceNew) The region in which to create the WAF certificate resource. If omitted, the
* `region` - (Optional, String, ForceNew) Specifies the region in which to create the WAF certificate. If omitted, the
provider-level region will be used. Changing this setting will push a new certificate.

* `name` - (Required, String) Specifies the certificate name. The maximum length is `256` characters. Only digits,
Expand All @@ -59,6 +60,7 @@ The following arguments are supported:
replaced with `\n`.

* `enterprise_project_id` - (Optional, String, ForceNew) Specifies the enterprise project ID of WAF certificate.
For enterprise users, if omitted, default enterprise project will be used.
Changing this parameter will create a new resource.

## Attribute Reference
Expand All @@ -67,7 +69,9 @@ In addition to all arguments above, the following attributes are exported:

* `id` - The certificate ID in UUID format.

* `expiration` - Indicates the time when the certificate expires.
* `created_at` - Indicates the time when the certificate uploaded, in RFC3339 format.

* `expired_at` - Indicates the time when the certificate expires, in RFC3339 format.

## Import

Expand All @@ -89,7 +93,7 @@ Note that the imported state is not identical to your resource definition, due t
attributes include `certificate`, and `private_key`. You can ignore changes as below.

```hcl
resource "huaweicloud_waf_certificate" "certificate_2" {
resource "huaweicloud_waf_certificate" "test" {
...
lifecycle {
ignore_changes = [
Expand Down
4 changes: 2 additions & 2 deletions huaweicloud/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1075,7 +1075,7 @@ func Provider() *schema.Provider {
"huaweicloud_vpn_user_groups": vpn.DataSourceVpnUserGroups(),

"huaweicloud_waf_address_groups": waf.DataSourceWafAddressGroups(),
"huaweicloud_waf_certificate": waf.DataSourceWafCertificateV1(),
"huaweicloud_waf_certificate": waf.DataSourceWafCertificate(),
"huaweicloud_waf_dedicated_domains": waf.DataSourceWafDedicatedDomains(),
"huaweicloud_waf_dedicated_instances": waf.DataSourceWafDedicatedInstancesV1(),
"huaweicloud_waf_domains": waf.DataSourceWafDomains(),
Expand Down Expand Up @@ -2008,7 +2008,7 @@ func Provider() *schema.Provider {
"huaweicloud_vpn_client_ca_certificate": vpn.ResourceClientCACertificate(),

"huaweicloud_waf_address_group": waf.ResourceWafAddressGroup(),
"huaweicloud_waf_certificate": waf.ResourceWafCertificateV1(),
"huaweicloud_waf_certificate": waf.ResourceWafCertificate(),
"huaweicloud_waf_cloud_instance": waf.ResourceCloudInstance(),
"huaweicloud_waf_domain": waf.ResourceWafDomain(),
"huaweicloud_waf_policy": waf.ResourceWafPolicyV1(),
Expand Down
89 changes: 19 additions & 70 deletions huaweicloud/services/acceptance/waf/data_source_huaweicloud_waf_certificate_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,39 +5,18 @@ import (
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"

"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils/fmtp"
)

func TestAccDataSourceWafCertificateV1_basic(t *testing.T) {
name := acceptance.RandomAccResourceName()
dataSourceName := "data.huaweicloud_waf_certificate.cert_1"
// Before running the test case, please ensure that there is at least one WAF instance in the current region.
func TestAccDataSourceWafCertificate_basic(t *testing.T) {
var (
name = acceptance.RandomAccResourceName()

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
acceptance.TestAccPreCheck(t)
acceptance.TestAccPrecheckWafInstance(t)
},
ProviderFactories: acceptance.TestAccProviderFactories,
Steps: []resource.TestStep{
{
Config: testAccWafCertificateListV1_conf(name),
Check: resource.ComposeTestCheckFunc(
testAccCheckWafCertDataSourceID(dataSourceName),
resource.TestCheckResourceAttr(dataSourceName, "name", name),
resource.TestCheckResourceAttr(dataSourceName, "expire_status", "1"),
resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
),
},
},
})
}

func TestAccDataSourceWafCertificateV1_withEpsID(t *testing.T) {
name := acceptance.RandomAccResourceName()
dataSourceName := "data.huaweicloud_waf_certificate.cert_1"
datasourceName = "data.huaweicloud_waf_certificate.test"
dc = acceptance.InitDataSourceCheck(datasourceName)
)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
Expand All @@ -48,59 +27,29 @@ func TestAccDataSourceWafCertificateV1_withEpsID(t *testing.T) {
ProviderFactories: acceptance.TestAccProviderFactories,
Steps: []resource.TestStep{
{
Config: testAccWafCertificateListV1_conf_withEpsID(name, acceptance.HW_ENTERPRISE_PROJECT_ID_TEST),
Config: testAccDatasourceWafCertificate_basic(name),
Check: resource.ComposeTestCheckFunc(
testAccCheckWafCertDataSourceID(dataSourceName),
resource.TestCheckResourceAttr(dataSourceName, "enterprise_project_id", acceptance.HW_ENTERPRISE_PROJECT_ID_TEST),
resource.TestCheckResourceAttr(dataSourceName, "name", name),
resource.TestCheckResourceAttr(dataSourceName, "expire_status", "1"),
resource.TestCheckResourceAttrSet(dataSourceName, "expiration"),
dc.CheckResourceExists(),
resource.TestCheckResourceAttrSet(datasourceName, "name"),
resource.TestCheckResourceAttrSet(datasourceName, "enterprise_project_id"),
resource.TestCheckResourceAttrSet(datasourceName, "created_at"),
),
},
},
})
}

func testAccCheckWafCertDataSourceID(r string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[r]
if !ok {
return fmtp.Errorf("Can't find waf data source: %s ", r)
}
if rs.Primary.ID == "" {
return fmtp.Errorf("The Waf Certificate data source ID not set ")
}
return nil
}
}

func testAccWafCertificateListV1_conf(name string) string {
return fmt.Sprintf(`
%s

data "huaweicloud_waf_certificate" "cert_1" {
name = huaweicloud_waf_certificate.certificate_1.name
expire_status = 1

depends_on = [
huaweicloud_waf_certificate.certificate_1
]
}
`, testAccWafCertificateV1_conf(name))
}

func testAccWafCertificateListV1_conf_withEpsID(name, epsID string) string {
func testAccDatasourceWafCertificate_basic(name string) string {
return fmt.Sprintf(`
%s
%[1]s

data "huaweicloud_waf_certificate" "cert_1" {
name = huaweicloud_waf_certificate.certificate_1.name
enterprise_project_id = "%s"
expire_status = 1
data "huaweicloud_waf_certificate" "test" {
name = huaweicloud_waf_certificate.test.name
enterprise_project_id = "%[2]s"

depends_on = [
huaweicloud_waf_certificate.certificate_1
huaweicloud_waf_certificate.test
]
}
`, testAccWafCertificateV1_conf_withEpsID(name, epsID), epsID)
`, testAccWafCertificate_basic(name, generateCertificateBody()), acceptance.HW_ENTERPRISE_PROJECT_ID_TEST)
}
Loading
Loading