DI-17952 add support for subj_alt_uris in definition
Grzegorz Pietrusza committed Apr 10, 2024
1 parent 0f2fab4 commit 9f59337
Showing 2 changed files with 26 additions and 13 deletions.
1 change: 1 addition & 0 deletions docs/resources/definitions.md
@@ -65,6 +65,7 @@ Optional:
- `signacldomain` (String) Much like a signacl rule, it restricts signing to the named collection. However, it has the additional restriction of only applying to a particular domain name or wildcarded domain (denoted by a domain starting with '*.' ). Can be used for CA definition setup.
- `signaclgroup` (String) Group that is eligible to sign the certificate. Can be used for CA definition setup.
- `subj_alt_names` (String) Subject Alternative Names of the SSL certificate.
- `subj_alt_uris` (String) Subject Alternative URIs of the SSL certificate.


<a id="nestedatt--symmetric_key"></a>
38 changes: 25 additions & 13 deletions internal/provider/definitions_resource.go
@@ -97,6 +97,10 @@ func (r *definitionsResource) Schema(_ context.Context, _ resource.SchemaRequest
Optional: true,
Description: "Subject Alternative Names of the SSL certificate. ",
},
"subj_alt_uris": schema.StringAttribute{
Optional: true,
Description: "Subject Alternative URIs of the SSL certificate. ",
},
"ca_name": schema.StringAttribute{
Optional: true,
Description: "KMI path to the template used to sign the certificate by the CA.",
@@ -623,17 +627,18 @@ func (op Transparent) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefin
}

type SSLCert struct {
AutoGenerate types.Bool `tfsdk:"auto_generate"`
ExpiryPeriod types.String `tfsdk:"expire_period"`
RefreshPeriod types.String `tfsdk:"refresh_period"`
Issuer types.String `tfsdk:"issuer"`
IsCA types.Int64 `tfsdk:"is_ca"`
Cn types.String `tfsdk:"cn"`
Sans types.String `tfsdk:"subj_alt_names"`
CAName types.String `tfsdk:"ca_name"`
SignACL types.String `tfsdk:"signacl"`
SignACLDomain types.String `tfsdk:"signacldomain"`
SignACLGroup types.String `tfsdk:"signaclgroup"`
AutoGenerate types.Bool `tfsdk:"auto_generate"`
ExpiryPeriod types.String `tfsdk:"expire_period"`
RefreshPeriod types.String `tfsdk:"refresh_period"`
Issuer types.String `tfsdk:"issuer"`
IsCA types.Int64 `tfsdk:"is_ca"`
Cn types.String `tfsdk:"cn"`
SubjectAltNames types.String `tfsdk:"subj_alt_names"`
SubjectAltUris types.String `tfsdk:"subj_alt_uris"`
CAName types.String `tfsdk:"ca_name"`
SignACL types.String `tfsdk:"signacl"`
SignACLDomain types.String `tfsdk:"signacldomain"`
SignACLGroup types.String `tfsdk:"signaclgroup"`
}

func (s SSLCert) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition, error) {
@@ -664,10 +669,17 @@ func (s SSLCert) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition
}
options = append(options, option)
}
if !s.Sans.IsNull() {
if !s.SubjectAltNames.IsNull() {
option := &kmi.KMIOption{
Name: "subj_alt_names",
Text: s.Sans.ValueString(),
Text: s.SubjectAltNames.ValueString(),
}
options = append(options, option)
}
if !s.SubjectAltUris.IsNull() {
option := &kmi.KMIOption{
Name: "subj_alt_uris",
Text: s.SubjectAltUris.ValueString(),
}
options = append(options, option)
}
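Review bot: The new `subj_alt_uris` attribute in Schema is a bare optional string, and RequestPayload forwards `s.SubjectAltUris.ValueString()` into the `subj_alt_uris` option unchanged, so nothing on the provider side checks that the value is a well-formed URI list before it is sent to KMI. URI SAN entries are commonly what relying parties match for service identity, so a typo or an over-broad value in a definition would surface, if at all, only when a certificate is signed. Consider attaching a string validator through the attribute's `Validators` field, or at minimum stating the expected format and separator in the description, e.g. `Description: "Subject Alternative URIs of the SSL certificate (<format and separator as KMI expects>).",`. The `!s.SubjectAltUris.IsNull()` guard also sends an explicitly empty string as an option, and whether KMI treats that as "no URIs" is not visible here. Both Schema and RequestPayload continue outside the visible hunks.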
