Add TLSCLientCert and TLSClientKey options for splunk logging #353
@kellymclaughlin Left one comment but other LGTM.
Have approved, but before merging I'll await clarification to my question re: using the same cert value for both `tls_ca_cert` and `tls_client_cert`.
Thanks @kellymclaughlin this LGTM 👍🏻 NOTE: I applied a bunch of typo suggestions. So yes, please if you could run a full test suite, and then I can get this merged.
@kellymclaughlin maybe run
@Integralist I see the same errors locally as reported in the CI output:
I pulled the latest Edit: I tried the
@kellymclaughlin OK so just started to look into this and I discovered the makefile target we try to call no longer exists in the terraform repo: hashicorp/terraform-website#1592 << this PR 5 days ago deleted it 🤷🏻 maybe @phamann knows off the top of his head of differences between
hashicorp/terraform-website#1592 moved most of the logic to a script (content/scripts/check-incoming-links.sh)
@kellymclaughlin can you rebase master please. I've removed the
@kellymclaughlin also once you've pulled latest master you should find One last request, could you run Thanks!
cc5ef6a to edf8f16
@Integralist I did the rebase. Here is the output I see from running
Thanks @kellymclaughlin I'm going to pull your branch today and run the make target to see if I get a similar error (and if so I'll try and identify the cause).
@kellymclaughlin interesting. When running Also, could you share the actual diff output so I can see what modifications were made to your local git 'staging area', as from the output you provided after running When I run the
$ make generate-docs
go run scripts/generate-docs.go
$ git status
On branch splunk-tls-options
Your branch is up to date with 'origin/splunk-tls-options'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: docs/resources/service_compute.md
modified: docs/resources/service_v1.md
no changes added to commit (use "git add" and/or "git commit -a")
$ git diff
diff --git a/docs/resources/service_compute.md b/docs/resources/service_compute.md
index 60f6b2c..a47fdc0 100644
--- a/docs/resources/service_compute.md
+++ b/docs/resources/service_compute.md
@@ -588,6 +588,8 @@ Required:
Optional:
- **tls_ca_cert** (String) A secure certificate to authenticate the server with. Must be in PEM format. You can provide this certificate via an environment variable, `FASTLY_SPLUNK_CA_CERT`
+- **tls_client_cert** (String) The client certificate used to make authenticated requests. Must be in PEM format.
+- **tls_client_key** (String, Sensitive) The client private key used to make authenticated requests. Must be in PEM format.
- **tls_hostname** (String) The hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN)
- **token** (String, Sensitive) The Splunk token to be used for authentication
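Review bot: the two added entries for `tls_client_cert` and `tls_client_key` do not say that they only work as a pair. A client certificate without its private key (or the reverse) cannot authenticate anything, so each description should state whether the other option must be set alongside it, for example by ending the first with "Requires `tls_client_key`" and the second with "Requires `tls_client_cert`".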
diff --git a/docs/resources/service_v1.md b/docs/resources/service_v1.md
index 528caa4..cbca37a 100644
--- a/docs/resources/service_v1.md
+++ b/docs/resources/service_v1.md
@@ -1044,6 +1044,8 @@ Optional:
- **placement** (String) Where in the generated VCL the logging call should be placed
- **response_condition** (String) The name of the condition to apply
- **tls_ca_cert** (String) A secure certificate to authenticate the server with. Must be in PEM format. You can provide this certificate via an environment variable, `FASTLY_SPLUNK_CA_CERT`
+- **tls_client_cert** (String) The client certificate used to make authenticated requests. Must be in PEM format.
+- **tls_client_key** (String, Sensitive) The client private key used to make authenticated requests. Must be in PEM format.
- **tls_hostname** (String) The hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN)
- **token** (String, Sensitive) The Splunk token to be used for authentication |
@Integralist Alrighty, I've figured out the issue with
10:54:47:terraform-provider-fastly(splunk-tls-options) $ make generate-docs
go run scripts/generate-docs.go
10:55:11:terraform-provider-fastly(splunk-tls-options *) $ echo $?
0
10:55:27:terraform-provider-fastly(splunk-tls-options *) $ git status
On branch splunk-tls-options
Your branch is up to date with 'origin/splunk-tls-options'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: docs/data-sources/ip_ranges.md
modified: docs/data-sources/waf_rules.md
modified: docs/resources/service_acl_entries_v1.md
modified: docs/resources/service_compute.md
modified: docs/resources/service_v1.md
modified: docs/resources/service_waf_configuration.md
no changes added to commit (use "git add" and/or "git commit -a")
10:55:29:terraform-provider-fastly(splunk-tls-options *) $ git diff docs/
diff --git a/docs/data-sources/ip_ranges.md b/docs/data-sources/ip_ranges.md
index d31926a..ef8b212 100644
--- a/docs/data-sources/ip_ranges.md
+++ b/docs/data-sources/ip_ranges.md
@@ -36,7 +36,7 @@ resource "aws_security_group" "from_fastly" {
- **id** (String) The ID of this resource.
-### Read-only
+### Read-Only
- **cidr_blocks** (List of String) The lexically ordered list of ipv4 CIDR blocks.
- **ipv6_cidr_blocks** (List of String) The lexically ordered list of ipv6 CIDR blocks.
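Review bot: the only change in this hunk is the heading case, `### Read-only` to `### Read-Only`, which is unrelated to the Splunk TLS options this branch adds. It is output of `go run scripts/generate-docs.go`, so either commit the regenerated headings separately from the feature change or pin the generator version the script uses; otherwise the same churn reappears in the next contributor's diff.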
diff --git a/docs/data-sources/waf_rules.md b/docs/data-sources/waf_rules.md
index 2a8765c..2661647 100644
--- a/docs/data-sources/waf_rules.md
+++ b/docs/data-sources/waf_rules.md
@@ -159,14 +159,14 @@ The `rules` block supports:
- **publishers** (List of String) A list of publishers to be used as filters for the data set.
- **tags** (List of String) A list of tags to be used as filters for the data set.
-### Read-only
+### Read-Only
- **rules** (List of Object) The list of rules that results from any given combination of filters. (see [below for nested schema](#nestedatt--rules))
<a id="nestedatt--rules"></a>
### Nested Schema for `rules`
-Read-only:
+Read-Only:
- **latest_revision_number** (Number)
- **modsec_rule_id** (Number)
diff --git a/docs/resources/service_acl_entries_v1.md b/docs/resources/service_acl_entries_v1.md
index 5327679..8d461c7 100644
--- a/docs/resources/service_acl_entries_v1.md
+++ b/docs/resources/service_acl_entries_v1.md
@@ -246,6 +246,6 @@ Optional:
- **negated** (Boolean) A boolean that will negate the match if true
- **subnet** (String) An optional subnet mask applied to the IP address
-Read-only:
+Read-Only:
- **id** (String) The ID of this resource.
diff --git a/docs/resources/service_compute.md b/docs/resources/service_compute.md
index 60f6b2c..43dbb46 100644
--- a/docs/resources/service_compute.md
+++ b/docs/resources/service_compute.md
@@ -110,7 +110,7 @@ $ terraform import fastly_service_compute.demo xxxxxxxxxxxxxxxxxxxx
- **syslog** (Block Set) (see [below for nested schema](#nestedblock--syslog))
- **version_comment** (String) Description field for the version
-### Read-only
+### Read-Only
- **active_version** (Number) The currently active version of your Fastly Service
- **cloned_version** (Number) The latest cloned version by the provider. The value gets only set after running `terraform apply`
@@ -588,6 +588,8 @@ Required:
Optional:
- **tls_ca_cert** (String) A secure certificate to authenticate the server with. Must be in PEM format. You can provide this certificate via an environment variable, `FASTLY_SPLUNK_CA_CERT`
+- **tls_client_cert** (String) The client certificate used to make authenticated requests. Must be in PEM format.
+- **tls_client_key** (String, Sensitive) The client private key used to make authenticated requests. Must be in PEM format.
- **tls_hostname** (String) The hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN)
- **token** (String, Sensitive) The Splunk token to be used for authentication
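Review bot: `tls_client_key` is marked Sensitive, but unlike the `tls_ca_cert` entry directly above, neither added line names an environment variable for supplying the value. If the provider reads the client certificate and key from the environment, document the variable names here the way `FASTLY_SPLUNK_CA_CERT` is documented; if it does not, say so, since the private key is the value users will least want to write into a configuration file.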
diff --git a/docs/resources/service_v1.md b/docs/resources/service_v1.md
index 528caa4..72c13b7 100644
--- a/docs/resources/service_v1.md
+++ b/docs/resources/service_v1.md
@@ -282,7 +282,7 @@ $ terraform import fastly_service_v1.demo xxxxxxxxxxxxxxxxxxxx
- **version_comment** (String) Description field for the version
- **waf** (Block List, Max: 1) (see [below for nested schema](#nestedblock--waf))
-### Read-only
+### Read-Only
- **active_version** (Number) The currently active version of your Fastly Service
- **cloned_version** (Number) The latest cloned version by the provider. The value gets only set after running `terraform apply`
@@ -306,7 +306,7 @@ Required:
- **name** (String) A unique name to identify this ACL
-Read-only:
+Read-Only:
- **acl_id** (String) The ID of the ACL
@@ -430,7 +430,7 @@ Optional:
- **write_only** (Boolean) If `true`, the dictionary is a private dictionary, and items are not readable in the UI or via API. Default is `false`. It is important to note that changing this attribute will delete and recreate the dictionary, discard the current items in the dictionary. Using a write-only/private dictionary should only be done if the items are managed outside of Terraform
-Read-only:
+Read-Only:
- **dictionary_id** (String) The ID of the dictionary
@@ -465,7 +465,7 @@ Optional:
- **priority** (Number) Priority determines the ordering for multiple snippets. Lower numbers execute first. Defaults to `100`
-Read-only:
+Read-Only:
- **snippet_id** (String) The ID of the dynamic snippet
@@ -1044,6 +1044,8 @@ Optional:
- **placement** (String) Where in the generated VCL the logging call should be placed
- **response_condition** (String) The name of the condition to apply
- **tls_ca_cert** (String) A secure certificate to authenticate the server with. Must be in PEM format. You can provide this certificate via an environment variable, `FASTLY_SPLUNK_CA_CERT`
+- **tls_client_cert** (String) The client certificate used to make authenticated requests. Must be in PEM format.
+- **tls_client_key** (String, Sensitive) The client private key used to make authenticated requests. Must be in PEM format.
- **tls_hostname** (String) The hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN)
- **token** (String, Sensitive) The Splunk token to be used for authentication
@@ -1114,6 +1116,6 @@ Optional:
- **disabled** (Boolean) A flag used to completely disable a Web Application Firewall. This is intended to only be used in an emergency
- **prefetch_condition** (String) The `condition` to determine which requests will be run past your Fastly WAF. This `condition` must be of type `PREFETCH`. For detailed information about Conditionals, see [Fastly's Documentation on Conditionals](https://docs.fastly.com/en/guides/using-conditions)
-Read-only:
+Read-Only:
- **waf_id** (String) The ID of the WAF
diff --git a/docs/resources/service_waf_configuration.md b/docs/resources/service_waf_configuration.md
index f8eba9f..77ef7d0 100644
--- a/docs/resources/service_waf_configuration.md
+++ b/docs/resources/service_waf_configuration.md
@@ -638,6 +638,6 @@ Optional:
- **modsec_rule_ids** (Set of Number) Set of modsecurity IDs to be excluded. No rules should be provided when `exclusion_type` is `waf`. The rules need to be configured on the Web Application Firewall to be excluded
-Read-only:
+Read-Only:
- **number** (Number) The numeric ID assigned to the WAF Rule Exclusion
(END)
-Read-only:
+Read-Only:
- **acl_id** (String) The ID of the ACL
@@ -430,7 +430,7 @@ Optional:
- **write_only** (Boolean) If `true`, the dictionary is a private dictionary, and items are not readable in the UI or via API. Default is `false`. It is important to note that changing this attribute will delete and recreate the dictionary, discard the current items in the dictionary. Using a write-only/private dictionary should only be done if the items are managed outside of Terraform
-Read-only:
+Read-Only:
- **dictionary_id** (String) The ID of the dictionary
@@ -465,7 +465,7 @@ Optional:
- **priority** (Number) Priority determines the ordering for multiple snippets. Lower numbers execute first. Defaults to `100`
-Read-only:
+Read-Only:
- **snippet_id** (String) The ID of the dynamic snippet
@@ -1044,6 +1044,8 @@ Optional:
- **placement** (String) Where in the generated VCL the logging call should be placed
- **response_condition** (String) The name of the condition to apply
- **tls_ca_cert** (String) A secure certificate to authenticate the server with. Must be in PEM format. You can provide this certificate via an environment variable, `FASTLY_SPLUNK_CA_CERT`
+- **tls_client_cert** (String) The client certificate used to make authenticated requests. Must be in PEM format.
+- **tls_client_key** (String, Sensitive) The client private key used to make authenticated requests. Must be in PEM format.
- **tls_hostname** (String) The hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN)
- **token** (String, Sensitive) The Splunk token to be used for authentication
@@ -1114,6 +1116,6 @@ Optional:
- **disabled** (Boolean) A flag used to completely disable a Web Application Firewall. This is intended to only be used in an emergency
- **prefetch_condition** (String) The `condition` to determine which requests will be run past your Fastly WAF. This `condition` must be of type `PREFETCH`. For detailed information about Conditionals, see [Fastly's Documentation on Conditionals](https://docs.fastly.com/en/guides/using-conditions)
-Read-only:
+Read-Only:
- **waf_id** (String) The ID of the WAF
diff --git a/docs/resources/service_waf_configuration.md b/docs/resources/service_waf_configuration.md
index f8eba9f..77ef7d0 100644
--- a/docs/resources/service_waf_configuration.md
+++ b/docs/resources/service_waf_configuration.md
@@ -638,6 +638,6 @@ Optional:
- **modsec_rule_ids** (Set of Number) Set of modsecurity IDs to be excluded. No rules should be provided when `exclusion_type` is `waf`. The rules need to be configured on the Web Application Firewall to be excluded
-Read-only:
+Read-Only:
- **number** (Number) The numeric ID assigned to the WAF Rule Exclusion |
Nice! Thanks @kellymclaughlin -- interesting you got a case sensitivity change 🤔 wonder if that's a newer version to the We should get those documentation changes committed because when we cut a new terraform release, there is a webhook on this repo that will attempt to publish the updated documentation to the terraform registry. Ps, I'm trying to add a new CI workflow for checking if docs need to be regenerated (rather than devs having to remember to run
I did grab the latest version of
@kellymclaughlin can you rebase master one more time please as we have updated the code for generating the documentation (such that we should hopefully ensure we're all using the same version -- you'll need to manually uninstall
edf8f16 to 9f8642b
9f8642b to 7c7dc88
All done and looks like the CI checks are all happy.
* TLS Custom Private Key Resource
* TLS Configuration Data Source
* TLS Custom Certificate Resource
* TLS Custom Private Key Data Source
* TLS Custom Certificate Data Source

  Also add sweepers for TLS certificates and private keys to easily clean up resources leaked during any failed tests.
* TLS Activation Resource
* TLS Activation Data Source
* TLS Private Key IDs Data Source
* TLS Custom Certificate IDs Data Source
* TLS Configuration IDs Data Source
* TLS Activation IDs Data Source
* Change test names to use underscore

  Terraform testing style guide seems to suggest camel case is used for the main test name then an underscore separates different variations of it.
* Add dns_records attribute to TLS Configuration Data Source
* TLS Platform Certificate Resource
* Update go-fastly reference based on merged PR
* TLS Platform Certificate Data Source
* TLS Platform Certificate IDs Data Source
* Platform TLS Data Sources documentation
* Remove redundant `id` filter function
* Bring in changes from upstream and modify new code to match

  Main changes were moving docs generation to tfplugindocs, and updating the go-fastly SDK to v3. I added some changes to the upstream docs generation to avoid having to globally install tfplugindocs. This was also done upstream so I had to do some large merge conflict resolution in this commit to combine the similar but different updates. One commit message related to vendoring tfplugindocs was:

  > Don't cache dependencies in github PR workflow, instead rely on /vendor
  >
  > Including the tfplugindocs module in vendor means it's updating with `go mod vendor` along with the other libraries used. When running `go install`, this vendored copy is used, and installed to a project-local /bin directory. This enables the version of tfplugindocs used to be independent of other go projects installed on one's system.
  >
  > This change means `make dependencies` is no longer used, and isn't needed in the github PR workflow. Furthermore, the source code for the tool is included in the /vendor already so the caching of ~/go/* isn't required either.
* Stylistic tweaks to make resources more aligned

  A couple naming/structure things resulting from different people writing the code. Have just tidied them up before PRing.
* Add TLSCLientCert and TLSClientKey options for splunk logging (#353)
  * Add TLSCLientCert and TLSClientKey options for splunk logging
  * Add some comments to clarify the usage splunk test tls cert values
  * Update fastly/block_fastly_service_v1_splunk_test.go
  * Update fastly/block_fastly_service_v1_splunk_test.go
  * Update fastly/block_fastly_service_v1_splunk_test.go
  * Update fastly/block_fastly_service_v1_splunk_test.go
  * Update fastly/block_fastly_service_v1_splunk_test.go
  * Update fastly/block_fastly_service_v1_splunk_test.go
  * Update fastly/block_fastly_service_v1_splunk_test.go

  Co-authored-by: Mark McDonnell <[email protected]>
* Update go-fastly reference
* Support multiple certificates in platform certificate intermediates_blob

  The intermediates_blob field of the fastly_tls_platform_certificate resource can contain PEM blocks representing an arbitrary length chain of certificates. The validation function for this field has been updated to reflect this. It now loops through the provided string and checks that each block it finds matches the expected block type until it reaches the end of the string. Similarly the validation function for one single block has been updated to fail if the string contains more than one PEM block.
* Use allow_untrusted_root in platform certificate update function

  Was only used in creation function but should have also been used in update too.
* Update go-fastly reference to v3.3.0

  Also removed the `replace` directive in the go.mod to remove dependency on opencredo fork.
* First updates from PR feedback
  - removal of unneeded .gitignore entry
  - removal of superfluous whitespace in docs example block
  - conversion of TypeList to TypeSet in plural data sources' `ids` field
  - a couple typo fixes here and there
  - removal of Set function for controlling set hashing, unneeded
  - consolidation of function naming to include "Fastly" before resource name
  - fix some acctest.RandomWithPrefix with duplicate prefix
  - clarify some comments
  - add some checks in testAcc.*Exists functions when accessing the map of resources in state to avoid a panic if resource not found
* Make tfplugindocs location configurable with flag instead of PATH

  Add a -tfplugindocsPath command line argument to the parsing script to make it a bit more robust than dynamically setting the PATH variable in the Makefile. Defaults to local bin, as the Makefile expects, but I still set the argument in the Makefile in case someone modifies the BIN variable.

Co-authored-by: Will May <[email protected]>
Co-authored-by: Trent Rosenbaum <[email protected]>
Co-authored-by: Kelly McLaughlin <[email protected]>
Co-authored-by: Mark McDonnell <[email protected]>
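The PEM validation described in the commit message above ("loops through the provided string and checks that each block it finds matches the expected block type", plus a single-block variant that rejects more than one block), sketched as an added example; this is not the provider's own code. The function names `validatePEMBlocks`, `validateSinglePEMBlock` and `samplePEM` are hypothetical, and the sample blocks are constructed.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// validatePEMBlocks (hypothetical name) walks every PEM block in s and
// checks that each has the expected type. It returns how many it found.
func validatePEMBlocks(s, wantType string) (int, error) {
	rest := []byte(s)
	count := 0
	// Keep decoding until only whitespace is left.
	for len(strings.TrimSpace(string(rest))) > 0 {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			// Leftover bytes that do not form a PEM block.
			return count, errors.New("input contains data that is not a PEM block")
		}
		if block.Type != wantType {
			return count, fmt.Errorf("block %d has type %q, want %q", count+1, block.Type, wantType)
		}
		count++
	}
	if count == 0 {
		return 0, errors.New("no PEM block found")
	}
	return count, nil
}

// validateSinglePEMBlock (hypothetical name) accepts exactly one block.
func validateSinglePEMBlock(s, wantType string) error {
	n, err := validatePEMBlocks(s, wantType)
	if err != nil {
		return err
	}
	if n != 1 {
		return fmt.Errorf("expected exactly one %s block, found %d", wantType, n)
	}
	return nil
}

// samplePEM builds a constructed block; the payload is not a real certificate.
func samplePEM(blockType string) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: []byte("constructed sample payload")}))
}

func main() {
	cert, key := samplePEM("CERTIFICATE"), samplePEM("PRIVATE KEY")
	n, err := validatePEMBlocks(cert+cert+cert, "CERTIFICATE")
	fmt.Println("chain of three:", n, err)
	_, err = validatePEMBlocks(cert+key, "CERTIFICATE")
	fmt.Println("key mixed into chain:", err)
	fmt.Println("two blocks where one is expected:", validateSinglePEMBlock(cert+cert, "CERTIFICATE"))
}
```

The check covers block type and count only; it does not parse the certificate, so a field validated this way can still hold a well-framed block whose contents are not valid X.509.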
Add support for the `TLSClientCert` and `TLSClientKey` options. Follows from this `go-fastly` PR.

Testing

I ran the splunk tests to verify the change and I will defer the full suite run until after code review.