From 9f59337d4efc33d8f1f95cca55a4e9e229c1cfd1 Mon Sep 17 00:00:00 2001
From: Grzegorz Pietrusza
Date: Wed, 10 Apr 2024 15:04:15 +0200
Subject: [PATCH] DI-17952 add support for subj_alt_uris in definition
---
 docs/resources/definitions.md | 1 +
 internal/provider/definitions_resource.go | 38 +++++++++++++++--------
 2 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/docs/resources/definitions.md b/docs/resources/definitions.md
index e536c1b..f611b8a 100644
--- a/docs/resources/definitions.md
+++ b/docs/resources/definitions.md
@@ -65,6 +65,7 @@ Optional:
 - `signacldomain` (String) Much like a signacl rule, it restricts signing to the named collection. However, it has the additional restriction of only applying to a particular domain name or wildcarded domain (denoted by a domain starting with '*.' ). Can be used for CA definition setup.
 - `signaclgroup` (String) Group that is eligible to sign the certificate. Can be used for CA definition setup.
 - `subj_alt_names` (String) Subject Alternative Names of the SSL certificate.
+- `subj_alt_uris` (String) Subject Alternative URIs of the SSL certificate.
diff --git a/internal/provider/definitions_resource.go b/internal/provider/definitions_resource.go
index 1d427d0..8143427 100644
--- a/internal/provider/definitions_resource.go
+++ b/internal/provider/definitions_resource.go
@@ -97,6 +97,10 @@ func (r *definitionsResource) Schema(_ context.Context, _ resource.SchemaRequest
 Optional: true,
 Description: "Subject Alternative Names of the SSL certificate. ",
 },
+ "subj_alt_uris": schema.StringAttribute{
+ Optional: true,
+ Description: "Subject Alternative URIs of the SSL certificate. ",
+ },
 "ca_name": schema.StringAttribute{
 Optional: true,
 Description: "KMI path to the template used to sign the certificate by the CA.",
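Review bot: The new `subj_alt_uris` attribute in the `Schema` hunk accepts any string, yet a URI SAN is an identity claim in the issued certificate, so a typo or a scheme-less value would only surface if KMI rejects it. Consider attaching a string validator through the attribute's `Validators: []validator.String{...}` field that checks each entry parses as an absolute URI. The description should also say how several URIs are separated, which the hunk does not show, and the trailing space in `"Subject Alternative URIs of the SSL certificate. "` can be dropped. The `Schema` method starts and ends outside the hunk.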
@@ -623,17 +627,18 @@ func (op Transparent) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefin
 }
 type SSLCert struct {
- AutoGenerate types.Bool `tfsdk:"auto_generate"`
- ExpiryPeriod types.String `tfsdk:"expire_period"`
- RefreshPeriod types.String `tfsdk:"refresh_period"`
- Issuer types.String `tfsdk:"issuer"`
- IsCA types.Int64 `tfsdk:"is_ca"`
- Cn types.String `tfsdk:"cn"`
- Sans types.String `tfsdk:"subj_alt_names"`
- CAName types.String `tfsdk:"ca_name"`
- SignACL types.String `tfsdk:"signacl"`
- SignACLDomain types.String `tfsdk:"signacldomain"`
- SignACLGroup types.String `tfsdk:"signaclgroup"`
+ AutoGenerate types.Bool `tfsdk:"auto_generate"`
+ ExpiryPeriod types.String `tfsdk:"expire_period"`
+ RefreshPeriod types.String `tfsdk:"refresh_period"`
+ Issuer types.String `tfsdk:"issuer"`
+ IsCA types.Int64 `tfsdk:"is_ca"`
+ Cn types.String `tfsdk:"cn"`
+ SubjectAltNames types.String `tfsdk:"subj_alt_names"`
+ SubjectAltUris types.String `tfsdk:"subj_alt_uris"`
+ CAName types.String `tfsdk:"ca_name"`
+ SignACL types.String `tfsdk:"signacl"`
+ SignACLDomain types.String `tfsdk:"signacldomain"`
+ SignACLGroup types.String `tfsdk:"signaclgroup"`
 }
 func (s SSLCert) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition, error) {
@@ -664,10 +669,17 @@ func (s SSLCert) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition
 }
 options = append(options, option)
 }
- if !s.Sans.IsNull() {
+ if !s.SubjectAltNames.IsNull() {
 option := &kmi.KMIOption{
 Name: "subj_alt_names",
- Text: s.Sans.ValueString(),
+ Text: s.SubjectAltNames.ValueString(),
+ }
+ options = append(options, option)
+ }
+ if !s.SubjectAltUris.IsNull() {
+ option := &kmi.KMIOption{
+ Name: "subj_alt_uris",
+ Text: s.SubjectAltUris.ValueString(),
 }
 options = append(options, option)
 }
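Review bot: In the `SSLCert` struct hunk, `SubjectAltUris` does not follow the initialism casing the struct already uses for `CAName`, `SignACL` and `IsCA`; Go convention would spell the field `SubjectAltURIs`, with the `subj_alt_uris` tag left as it is. The field would also benefit from a short comment saying what form the value takes (a single URI or a delimited list), since it is carried as one `types.String` and nothing in the hunk says which.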
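Review bot: The new `if !s.SubjectAltUris.IsNull()` branch in `SSLCert.RequestPayload` forwards whatever string is configured, so `subj_alt_uris = ""` yields a `subj_alt_uris` option with empty text instead of omitting it; the `subj_alt_names` branch just above behaves the same way. A guard such as `if v := s.SubjectAltUris.ValueString(); v != "" {` would send the option only when there is a value to place in the certificate. The commit touches only the schema, the struct and this request payload, so if the provider maps KMI options back into `SSLCert` when reading a definition, that path presumably needs a `subj_alt_uris` case as well, otherwise the attribute would not be refreshed from the server. `RequestPayload` starts and ends outside the hunk.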