Merge pull request #12 from programmigo/feature/add_signacl_options_d…
…efinition

Add signacl options to definitions resource
harrydevnull authored Apr 8, 2024
2 parents 53ee167 + 3f0af73 commit e798f52
Showing 2 changed files with 28 additions and 2 deletions.
4 changes: 3 additions & 1 deletion docs/resources/definitions.md
@@ -61,7 +61,9 @@ Optional:
- `is_ca` (Number) Is the SSL certificate a CA.
- `issuer` (String) The issuer for the SSL certificate.
- `refresh_period` (String) The refresh period for the symmetric key.
- `signaclgroup` (String) Group that is eligible to sign the certificate. Required for CA definition setup.
- `signacl` (String) Collection that is eligible to sign the certificate. Can be used for CA definition setup.
- `signacldomain` (String) Much like a signacl rule, it restricts signing to the named collection. However, it has the additional restriction of only applying to a particular domain name or wildcarded domain (denoted by a domain starting with '*.' ). Can be used for CA definition setup.
- `signaclgroup` (String) Group that is eligible to sign the certificate. Can be used for CA definition setup.
- `subj_alt_names` (String) Subject Alternative Names of the SSL certificate.


26 changes: 25 additions & 1 deletion internal/provider/definitions_resource.go
@@ -101,9 +101,17 @@ func (r *definitionsResource) Schema(_ context.Context, _ resource.SchemaRequest
Optional: true,
Description: "KMI path to the template used to sign the certificate by the CA.",
},
"signacl": schema.StringAttribute{
Optional: true,
Description: "Collection that is eligible to sign the certificate. Can be used for CA definition setup.",
},
"signacldomain": schema.StringAttribute{
Optional: true,
Description: "Much like a signacl rule, it restricts signing to the named collection. However, it has the additional restriction of only applying to a particular domain name or wildcarded domain (denoted by a domain starting with '*.' ). Can be used for CA definition setup.",
},
"signaclgroup": schema.StringAttribute{
Optional: true,
Description: "Group that is eligible to sign the certificate. Required for CA definition setup.",
Description: "Group that is eligible to sign the certificate. Can be used for CA definition setup.",
},
},
Optional: true,
@@ -623,6 +631,8 @@ type SSLCert struct {
Cn types.String `tfsdk:"cn"`
Sans types.String `tfsdk:"subj_alt_names"`
CAName types.String `tfsdk:"ca_name"`
SignACL types.String `tfsdk:"signacl"`
SignACLDomain types.String `tfsdk:"signacldomain"`
SignACLGroup types.String `tfsdk:"signaclgroup"`
}

@@ -661,6 +671,20 @@ func (s SSLCert) RequestPayload(definition kmi.KMIDefinition) (kmi.KMIDefinition
}
options = append(options, option)
}
if !s.SignACL.IsNull() {
option := &kmi.KMIOption{
Name: "signacl:" + s.SignACL.ValueString(),
Text: "true",
}
options = append(options, option)
}
if !s.SignACLDomain.IsNull() {
option := &kmi.KMIOption{
Name: "signacldomain:" + s.SignACLDomain.ValueString(),
Text: "true",
}
options = append(options, option)
}
if !s.SignACLGroup.IsNull() {
option := &kmi.KMIOption{
Name: "signaclgroup:" + s.SignACLGroup.ValueString(),
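Review bot: In `RequestPayload`, the new `signacl` and `signacldomain` branches guard only on `IsNull()`, so an explicitly empty string (or an unknown value, for which `ValueString()` returns `""`, if the method is ever reached with one) produces an option named `signacl:` or `signacldomain:` with nothing after the colon. Because these options decide who may sign with the CA, I would skip or reject empty values, e.g. `if v := s.SignACL.ValueString(); v != "" {`, or attach a non-empty string validator to the three schema attributes. The `signacldomain` description mentions a domain or `*.` wildcard, but nothing visible in these hunks checks the value's shape before it is concatenated into the option name; how KMI treats a malformed name cannot be seen from here. The existing `signaclgroup` branch uses the same guard, and the function body continues outside the hunk.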