Service Fabric server certificate common names #3652

Merged
merged 12 commits into from
Jun 20, 2019
Merged
138 changes: 114 additions & 24 deletions azurerm/resource_arm_service_fabric_cluster.go
Expand Up @@ -107,9 +107,10 @@ func resourceArmServiceFabricCluster() *schema.Resource {
},

"certificate": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
ConflictsWith: []string{"certificate_common_names"},
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"thumbprint": {
Expand All @@ -128,6 +129,41 @@ func resourceArmServiceFabricCluster() *schema.Resource {
},
},

"certificate_common_names": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
ConflictsWith: []string{"certificate"},
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"common_names": {
Type: schema.TypeSet,
Required: true,
MinItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"certificate_common_name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validate.NoEmptyStrings,
},
"certificate_issuer_thumbprint": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validate.NoEmptyStrings,
},
},
},
},
"x509_store_name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validate.NoEmptyStrings,
},
},
},
},

"reverse_proxy_certificate": {
Type: schema.TypeList,
Optional: true,
Expand Down Expand Up @@ -171,34 +207,28 @@ func resourceArmServiceFabricCluster() *schema.Resource {
"diagnostics_config": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"storage_account_name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"protected_account_key_name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"blob_endpoint": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"queue_endpoint": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"table_endpoint": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
},
},
Expand Down Expand Up @@ -229,7 +259,6 @@ func resourceArmServiceFabricCluster() *schema.Resource {
"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"placement_properties": {
Type: schema.TypeMap,
Expand All @@ -246,17 +275,14 @@ func resourceArmServiceFabricCluster() *schema.Resource {
"is_primary": {
Type: schema.TypeBool,
Required: true,
ForceNew: true,
},
"client_endpoint_port": {
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"http_endpoint_port": {
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"reverse_proxy_endpoint_port": {
Type: schema.TypeInt,
Expand All @@ -267,7 +293,6 @@ func resourceArmServiceFabricCluster() *schema.Resource {
Type: schema.TypeString,
Optional: true,
Default: string(servicefabric.Bronze),
ForceNew: true,
ValidateFunc: validation.StringInSlice([]string{
string(servicefabric.Bronze),
string(servicefabric.Gold),
Expand All @@ -278,20 +303,17 @@ func resourceArmServiceFabricCluster() *schema.Resource {
"application_ports": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Computed: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"start_port": {
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"end_port": {
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
},
},
Expand All @@ -300,20 +322,17 @@ func resourceArmServiceFabricCluster() *schema.Resource {
"ephemeral_ports": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Computed: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"start_port": {
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"end_port": {
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
},
},
Expand Down Expand Up @@ -367,9 +386,6 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
azureActiveDirectoryRaw := d.Get("azure_active_directory").([]interface{})
azureActiveDirectory := expandServiceFabricClusterAzureActiveDirectory(azureActiveDirectoryRaw)

certificateRaw := d.Get("certificate").([]interface{})
certificate := expandServiceFabricClusterCertificate(certificateRaw)

reverseProxyCertificateRaw := d.Get("reverse_proxy_certificate").([]interface{})
reverseProxyCertificate := expandServiceFabricClusterReverseProxyCertificate(reverseProxyCertificateRaw)

Expand All @@ -391,7 +407,7 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
ClusterProperties: &servicefabric.ClusterProperties{
AddOnFeatures: addOnFeatures,
AzureActiveDirectory: azureActiveDirectory,
Certificate: certificate,
CertificateCommonNames: expandServiceFabricClusterCertificateCommonNames(d),
ReverseProxyCertificate: reverseProxyCertificate,
ClientCertificateThumbprints: clientCertificateThumbprints,
DiagnosticsStorageAccountConfig: diagnostics,
Expand All @@ -404,6 +420,11 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
},
}

if certificateRaw, ok := d.GetOk("certificate"); ok {
certificate := expandServiceFabricClusterCertificate(certificateRaw.([]interface{}))
cluster.ClusterProperties.Certificate = certificate
}

if clusterCodeVersion != "" {
cluster.ClusterProperties.ClusterCodeVersion = utils.String(clusterCodeVersion)
}
Expand Down Expand Up @@ -482,6 +503,11 @@ func resourceArmServiceFabricClusterRead(d *schema.ResourceData, meta interface{
return fmt.Errorf("Error setting `certificate`: %+v", err)
}

certificateCommonNames := flattenServiceFabricClusterCertificateCommonNames(props.CertificateCommonNames)
if err := d.Set("certificate_common_names", certificateCommonNames); err != nil {
return fmt.Errorf("Error setting `certificate_common_names`: %+v", err)
}

reverseProxyCertificate := flattenServiceFabricClusterReverseProxyCertificate(props.ReverseProxyCertificate)
if err := d.Set("reverse_proxy_certificate", reverseProxyCertificate); err != nil {
return fmt.Errorf("Error setting `reverse_proxy_certificate`: %+v", err)
Expand Down Expand Up @@ -644,6 +670,70 @@ func flattenServiceFabricClusterCertificate(input *servicefabric.CertificateDesc
return results
}

func expandServiceFabricClusterCertificateCommonNames(d *schema.ResourceData) *servicefabric.ServerCertificateCommonNames {
i := d.Get("certificate_common_names").([]interface{})
if len(i) <= 0 || i[0] == nil {
return nil
}
input := i[0].(map[string]interface{})

commonNamesRaw := input["common_names"].(*schema.Set).List()
commonNames := make([]servicefabric.ServerCertificateCommonName, 0)

for _, commonName := range commonNamesRaw {
commonNameDetails := commonName.(map[string]interface{})
certificateCommonName := commonNameDetails["certificate_common_name"].(string)
certificateIssuerThumbprint := commonNameDetails["certificate_issuer_thumbprint"].(string)

commonName := servicefabric.ServerCertificateCommonName{
CertificateCommonName: &certificateCommonName,
CertificateIssuerThumbprint: &certificateIssuerThumbprint,
}

commonNames = append(commonNames, commonName)
}

x509StoreName := input["x509_store_name"].(string)

output := servicefabric.ServerCertificateCommonNames{
CommonNames: &commonNames,
X509StoreName: servicefabric.X509StoreName1(x509StoreName),
}

return &output
}

func flattenServiceFabricClusterCertificateCommonNames(in *servicefabric.ServerCertificateCommonNames) []interface{} {
if in == nil {
return []interface{}{}
}

output := make(map[string]interface{})

if commonNames := in.CommonNames; commonNames != nil {
common_names := make([]map[string]interface{}, 0)
for _, i := range *commonNames {
commonName := make(map[string]interface{})

if i.CertificateCommonName != nil {
commonName["certificate_common_name"] = *i.CertificateCommonName
}

if i.CertificateIssuerThumbprint != nil {
commonName["certificate_issuer_thumbprint"] = *i.CertificateIssuerThumbprint
}

common_names = append(common_names, commonName)
}

output["common_names"] = common_names
}

output["x509_store_name"] = string(in.X509StoreName)

return []interface{}{output}
}

func expandServiceFabricClusterReverseProxyCertificate(input []interface{}) *servicefabric.CertificateDescription {
if len(input) == 0 {
return nil
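Review bot: In `expandServiceFabricClusterCertificateCommonNames`, `certificate_issuer_thumbprint` is declared Optional in the schema, but the loop always sends `CertificateIssuerThumbprint: &certificateIssuerThumbprint`, so an omitted value reaches the API as a pointer to an empty string instead of being left unset. This field is what ties a common-name match to a specific issuer, so I would set it only when configured: `if v := commonNameDetails["certificate_issuer_thumbprint"].(string); v != "" { commonName.CertificateIssuerThumbprint = utils.String(v) }`. The schema entry should also say what an empty issuer means for trust, e.g. `// empty means no issuer pinning; presumably any certificate with this common name that chains to a trusted root is accepted (confirm against the Service Fabric API)`. Separately, `x509_store_name` is only checked with `validate.NoEmptyStrings` before the cast to `servicefabric.X509StoreName1`, so a mistyped store name is rejected by the API at apply time rather than at plan time; validating against the SDK's enum values would catch it earlier.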