Pull request #7: Feature/ca name and b64 opaques

Merge in ~HACHANDR/terraform-provider-kmi from feature/ca_name-and-b64-opaques to main * commit '37ade7b450837ddfded88db8d4a43a8181327df8': adding simple testcase for b64encoded while unmarshalling Adding unit tests for marshalling and unmarshalling fixing opaque/transparent typo Adding support for ca_name, signer and base64 encoded multiline secrets
harrydevnull · Jan 25, 2024 · bf8f20e · bf8f20e
2 parents e769d31 + 37ade7b
commit bf8f20e
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 18 deletions.
diff --git a/docs/resources/definitions.md b/docs/resources/definitions.md
@@ -23,6 +23,7 @@ description: |-
 ### Optional
 
 - `azure_sp` (Attributes) The Azure Service Principal to create. (see [below for nested schema](#nestedatt--azure_sp))
+- `b64encoded` (Boolean) Should the secret be Base64-encoded? If it's not set, then is "false"
 - `opaque` (String) The Opaque definition to create.
 - `ssl_cert` (Attributes) The SSL certificate to create. (see [below for nested schema](#nestedatt--ssl_cert))
 - `symmetric_key` (Attributes) (see [below for nested schema](#nestedatt--symmetric_key))
@@ -51,11 +52,13 @@ Required:
 
 Optional:
 
+- `ca_name` (String) KMI path to the template used to sign the certificate by the CA.
 - `cn` (String) Common Name of the SSL certificate.
 - `expire_period` (String) The expire period for the symmetric key.
 - `is_ca` (Number) Is the SSL certificate a CA.
 - `issuer` (String) The issuer for the SSL certificate.
 - `refresh_period` (String) The refresh period for the symmetric key.
+- `signaclgroup` (String) Group that is eligible to sign the certificate. Required for CA definition setup.
 - `subj_alt_names` (String) Subject Alternative Names of the SSL certificate.
 
 

diff --git a/internal/kmi/types.go b/internal/kmi/types.go
@@ -194,8 +194,9 @@ type BlockSecret struct {
 	XMLName xml.Name `xml:"secret"`
 	Text    string   `xml:",chardata"`
 	Block   struct {
-		Text string `xml:",chardata"`
-		Name string `xml:"name,attr"`
+		Text       string `xml:",chardata"`
+		Name       string `xml:"name,attr"`
+		B64Encoded string `xml:"b64encoded,attr"`
 	} `xml:"block"`
 }
 

diff --git a/internal/kmi/types_test.go b/internal/kmi/types_test.go
@@ -204,3 +204,47 @@ func Test_GroupsUnMarshalling(t *testing.T) {
 	}
 
 }
+
+func Test_BlockSecretUnmarshalling(t *testing.T) {
+	data := []byte(`<secret><block name="opaque" b64encoded="true">dGVzdC1lbmNvZGluZwo=</block></secret>`)
+	var unmarshalled BlockSecret
+	err := xml.Unmarshal(data, &unmarshalled)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if !reflect.DeepEqual(unmarshalled.Block.Text, "dGVzdC1lbmNvZGluZwo=") {
+		t.Errorf("Marshalling() = %v, want %v", unmarshalled.Block.Text, "dGVzdC1lbmNvZGluZwo=")
+	}
+	if !reflect.DeepEqual(unmarshalled.Text, "") {
+		t.Errorf("Marshalling() = %v, want %v", unmarshalled.Text, "\"\"")
+	}
+	if !reflect.DeepEqual(unmarshalled.Block.B64Encoded, "true") {
+		t.Errorf("Marshalling() = %v, want %v", unmarshalled.Block.B64Encoded, "true")
+	}
+}
+
+func Test_BlockSecretMarshalling(t *testing.T) {
+	blockSecret := BlockSecret{
+		Text: "",
+		Block: struct {
+			Text       string `xml:",chardata"`
+			Name       string `xml:"name,attr"`
+			B64Encoded string `xml:"b64encoded,attr"`
+		}{
+			Text:       "dGVzdC1lbmNvZGluZwo=",
+			Name:       "opaque",
+			B64Encoded: "true",
+		},
+	}
+
+	out, err := xml.Marshal(blockSecret)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	data := []byte(`<secret><block name="opaque" b64encoded="true">dGVzdC1lbmNvZGluZwo=</block></secret>`)
+	if !reflect.DeepEqual(out, data) {
+		t.Errorf("Marshalling() = %v, want %v", string(out), string(data))
+	}
+}
diff --git a/internal/provider/definitions_resource.go b/internal/provider/definitions_resource.go
@@ -86,6 +86,14 @@ func (r *definitionsResource) Schema(_ context.Context, _ resource.SchemaRequest
 						Optional:    true,
 						Description: "Subject Alternative Names of the SSL certificate. ",
 					},
+					"ca_name": schema.StringAttribute{
+						Optional:    true,
+						Description: "KMI path to the template used to sign the certificate by the CA.",
+					},
+					"signaclgroup": schema.StringAttribute{
+						Optional:    true,
+						Description: "Group that is eligible to sign the certificate. Required for CA definition setup.",
+					},
 				},
 				Optional:    true,
 				Description: "The SSL certificate to create. ",
@@ -117,6 +125,10 @@ func (r *definitionsResource) Schema(_ context.Context, _ resource.SchemaRequest
 				Optional:    true,
 				Description: "The Opaque definition to create. ",
 			},
+			"b64encoded": schema.BoolAttribute{
+				Optional:    true,
+				Description: "Should the secret be Base64-encoded? If it's not set, then is \"false\"",
+			},
 			"transparent": schema.StringAttribute{
 				Optional:    true,
 				Description: "The Transparent definition to create. ",
@@ -209,11 +221,13 @@ func (r *definitionsResource) Create(ctx context.Context, req resource.CreateReq
 		}
 		err = r.client.CreateBlockSecret(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), kmi.BlockSecret{
 			Block: struct {
-				Text string "xml:\",chardata\""
-				Name string "xml:\"name,attr\""
+				Text       string "xml:\",chardata\""
+				Name       string "xml:\"name,attr\""
+				B64Encoded string `xml:"b64encoded,attr"`
 			}{
-				Name: "opaque",
-				Text: plan.Opaque.ValueString(),
+				Name:       "opaque",
+				Text:       plan.Opaque.ValueString(),
+				B64Encoded: boolStr(plan.B64Encoded.ValueBool()),
 			},
 		})
 		if err != nil {
@@ -238,11 +252,13 @@ func (r *definitionsResource) Create(ctx context.Context, req resource.CreateReq
 		}
 		err = r.client.CreateBlockSecret(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), kmi.BlockSecret{
 			Block: struct {
-				Text string "xml:\",chardata\""
-				Name string "xml:\"name,attr\""
+				Text       string "xml:\",chardata\""
+				Name       string "xml:\"name,attr\""
+				B64Encoded string `xml:"b64encoded,attr"`
 			}{
-				Name: "transparent",
-				Text: plan.Transparent.ValueString(),
+				Name:       "transparent",
+				Text:       plan.Transparent.ValueString(),
+				B64Encoded: boolStr(plan.B64Encoded.ValueBool()),
 			},
 		})
 		if err != nil {
@@ -370,11 +386,13 @@ func (r *definitionsResource) Update(ctx context.Context, req resource.UpdateReq
 		}
 		err = r.client.CreateBlockSecret(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), kmi.BlockSecret{
 			Block: struct {
-				Text string "xml:\",chardata\""
-				Name string "xml:\"name,attr\""
+				Text       string "xml:\",chardata\""
+				Name       string "xml:\"name,attr\""
+				B64Encoded string `xml:"b64encoded,attr"`
 			}{
-				Name: "opaque",
-				Text: plan.Opaque.ValueString(),
+				Name:       "opaque",
+				Text:       plan.Opaque.ValueString(),
+				B64Encoded: boolStr(plan.B64Encoded.ValueBool()),
 			},
 		})
 		if err != nil {
@@ -400,11 +418,13 @@ func (r *definitionsResource) Update(ctx context.Context, req resource.UpdateReq
 		}
 		err = r.client.CreateBlockSecret(plan.CollectionName.ValueString(), plan.DefinitionName.ValueString(), kmi.BlockSecret{
 			Block: struct {
-				Text string "xml:\",chardata\""
-				Name string "xml:\"name,attr\""
+				Text       string "xml:\",chardata\""
+				Name       string "xml:\"name,attr\""
+				B64Encoded string `xml:"b64encoded,attr"`
 			}{
-				Name: "transparent",
-				Text: plan.Transparent.ValueString(),
+				Name:       "transparent",
+				Text:       plan.Transparent.ValueString(),
+				B64Encoded: boolStr(plan.B64Encoded.ValueBool()),
 			},
 		})
 		if err != nil {
@@ -514,6 +534,7 @@ type definitionResourceModel struct {
 	SSLCert        *SSLCert     `tfsdk:"ssl_cert"`
 	AzureSP        *AzureSP     `tfsdk:"azure_sp"`
 	Opaque         types.String `tfsdk:"opaque"`
+	B64Encoded     types.Bool   `tfsdk:"b64encoded"`
 	Transparent    types.String `tfsdk:"transparent"`
 	SymetricKey    *SymetricKey `tfsdk:"symmetric_key"`
 	Options        types.List   `tfsdk:"options"`
@@ -567,13 +588,16 @@ type SSLCert struct {
 	IsCA          types.Int64  `tfsdk:"is_ca"`
 	Cn            types.String `tfsdk:"cn"`
 	Sans          types.String `tfsdk:"subj_alt_names"`
+	CAName        types.String `tfsdk:"ca_name"`
+	SignACLGroup  types.String `tfsdk:"signaclgroup"`
 }
 
 func (s SSLCert) RequestPayload() ([]byte, error) {
 
 	if !s.Issuer.IsNull() && !s.IsCA.IsNull() {
 		return nil, fmt.Errorf("IsCA should not be set if Issuer is set ")
 	}
+
 	var options []*kmi.KMIOption
 	if !s.IsCA.IsNull() {
 		option := &kmi.KMIOption{
@@ -603,6 +627,20 @@ func (s SSLCert) RequestPayload() ([]byte, error) {
 		}
 		options = append(options, option)
 	}
+	if !s.SignACLGroup.IsNull() {
+		option := &kmi.KMIOption{
+			Name: "signaclgroup:" + s.SignACLGroup.ValueString(),
+			Text: "true",
+		}
+		options = append(options, option)
+	}
+	if !s.CAName.IsNull() {
+		option := &kmi.KMIOption{
+			Name: "ca_name",
+			Text: s.CAName.ValueString(),
+		}
+		options = append(options, option)
+	}
 
 	defn := kmi.KMIDefinition{
 		AutoGenerate:  boolStr(s.AutoGenerate.ValueBool()),