dev certificate resource (dell#129)

* dev certificate resource * moved check server to certutils function * added certutil params struct * go fmt
keleustes · Nov 27, 2023 · 102e401 · 102e401
1 parent 11066f0
commit 102e401
Show file tree

Hide file tree

Showing 12 changed files with 628 additions and 0 deletions.
diff --git a/docs/resources/certificate.md b/docs/resources/certificate.md
@@ -0,0 +1,84 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "redfish_certificate Resource - terraform-provider-redfish"
+subcategory: ""
+description: |-
+  Resource for import the ssl certificate to iDRAC, on the basis of input parameter Type. After importing the certificate, the iDRAC will automatically restart.
+---
+
+# redfish_certificate (Resource)
+
+Resource for import the ssl certificate to iDRAC, on the basis of input parameter Type. After importing the certificate, the iDRAC will automatically restart.
+
+## Example Usage
+
+```terraform
+/*
+Copyright (c) 2023 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+data "local_file" "cert" {
+  # this is the path to the certificate that we want to upload.
+  filename = "/root/certificate/new/terraform-provider-redfish/test-data/valid-cert.txt"
+}
+
+resource "redfish_certificate" "cert" {
+  for_each = var.rack1
+
+  redfish_server {
+    user         = each.value.user
+    password     = each.value.password
+    endpoint     = each.value.endpoint
+    ssl_insecure = each.value.ssl_insecure
+  }
+
+  certificate_type        = "CustomCertificate"
+  passphrase              = "12345"
+  ssl_certificate_content = data.local_file.cert.content
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `certificate_type` (String) Type of the certificate to be imported.
+- `ssl_certificate_content` (String) SSLCertificate File require content of certificate 
+				supported certificate type: 
+				"CustomCertificate" - The certificate must be converted pkcs#12 format to encoded in Base64 and entire Base64 Content is required. The passphrase that was used to convert the certificate to pkcs#12 format must also be provided in "passphrase" attribute. "Server" - Certificate Content is required. Note - The certificate should be signed with hashing algorithm equivalent to sha256.
+
+### Optional
+
+- `passphrase` (String) A passphrase for certificate file. Note: This is optional parameter for CSC certificate, and not required for Server and CA certificates.
+- `redfish_server` (Block List) List of server BMCs and their respective user credentials (see [below for nested schema](#nestedblock--redfish_server))
+
+### Read-Only
+
+- `id` (String) ID
+
+<a id="nestedblock--redfish_server"></a>
+### Nested Schema for `redfish_server`
+
+Required:
+
+- `endpoint` (String) Server BMC IP address or hostname
+
+Optional:
+
+- `password` (String, Sensitive) User password for login
+- `ssl_insecure` (Boolean) This field indicates whether the SSL/TLS certificate must be verified or not
+- `user` (String) User name for login
diff --git a/examples/resources/redfish_certificate/provider.tf b/examples/resources/redfish_certificate/provider.tf
@@ -0,0 +1,28 @@
+/*
+Copyright (c) 2023 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+terraform {
+  required_providers {
+    redfish = {
+      version = "1.1.0"
+      source  = "registry.terraform.io/dell/redfish"
+    }
+  }
+}
+
+provider "redfish" {
+}
diff --git a/examples/resources/redfish_certificate/resource.tf b/examples/resources/redfish_certificate/resource.tf
@@ -0,0 +1,36 @@
+/*
+Copyright (c) 2023 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+data "local_file" "cert" {
+  # this is the path to the certificate that we want to upload.
+  filename = "/root/certificate/new/terraform-provider-redfish/test-data/valid-cert.txt"
+}
+
+resource "redfish_certificate" "cert" {
+  for_each = var.rack1
+
+  redfish_server {
+    user         = each.value.user
+    password     = each.value.password
+    endpoint     = each.value.endpoint
+    ssl_insecure = each.value.ssl_insecure
+  }
+
+  certificate_type        = "CustomCertificate"
+  passphrase              = "12345"
+  ssl_certificate_content = data.local_file.cert.content
+}
diff --git a/examples/resources/redfish_certificate/terraform.tfvars b/examples/resources/redfish_certificate/terraform.tfvars
@@ -0,0 +1,31 @@
+/*
+Copyright (c) 2023 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+rack1 = {
+  "my-server-1" = {
+    user         = "admin"
+    password     = "passw0rd"
+    endpoint     = "https://my-server-1.myawesomecompany.org"
+    ssl_insecure = true
+  },
+  "my-server-2" = {
+    user         = "admin"
+    password     = "passw0rd"
+    endpoint     = "https://my-server-2.myawesomecompany.org"
+    ssl_insecure = true
+  },
+}
diff --git a/examples/resources/redfish_certificate/variables.tf b/examples/resources/redfish_certificate/variables.tf
@@ -0,0 +1,25 @@
+/*
+Copyright (c) 2023 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+variable "rack1" {
+  type = map(object({
+    user         = string
+    password     = string
+    endpoint     = string
+    ssl_insecure = bool
+  }))
+}
diff --git a/redfish/models/certificate.go b/redfish/models/certificate.go
@@ -0,0 +1,21 @@
+package models
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+// SSLCertificate struct for payload construct for create certificate api
+type SSLCertificate struct {
+	CertificateType    string `json:"CertificateType"`
+	Passphrase         string `json:"Passphrase"`
+	SSLCertificateFile string `json:"SSLCertificateFile"`
+}
+
+// RedfishSSLCertificate for terraform schema of certificate resource
+type RedfishSSLCertificate struct {
+	ID                 types.String    `tfsdk:"id"`
+	RedfishServer      []RedfishServer `tfsdk:"redfish_server"`
+	CertificateType    types.String    `tfsdk:"certificate_type"`
+	Passphrase         types.String    `tfsdk:"passphrase"`
+	SSLCertificateFile types.String    `tfsdk:"ssl_certificate_content"`
+}
diff --git a/redfish/provider/common.go b/redfish/provider/common.go
@@ -130,6 +130,9 @@ func getSystemResource(service *gofish.Service) (*redfish.ComputerSystem, error)
 // To-Do: Verify from plan modifier, if required implement wrapper for validation of unknown in redfish_server.
 func NewConfig(pconfig *redfishProvider, rserver *[]models.RedfishServer) (*gofish.Service, error) {
 	// first redfish server block
+	if len(*rserver) == 0 {
+		return nil, errors.New("redfish server config not present")
+	}
 	rserver1 := (*rserver)[0]
 	var redfishClientUser, redfishClientPass string
 

diff --git a/redfish/provider/provider.go b/redfish/provider/provider.go
@@ -105,6 +105,7 @@ func (*redfishProvider) Resources(_ context.Context) []func() resource.Resource
 		NewRedfishStorageVolumeResource,
 		NewBiosResource,
 		NewManagerResetResource,
+		NewCertificateResource,
 	}
 }