Define certificates in tls_certificate data source, as a List of `Object`, instead of a blocks' list

This is necessary, so that we can express to Terraform that the attribute is indeed `Computed` and it can't be expected to be populated, until the data source is read.

This was creating an issue (see #244), as Terraform protocol doesn't support expressing that a Block is Computed: only attributes can be.

This approach avoids the use of `NestedAttributes`, and as such is compatible with Protocol v5 (i.e. TF >= 0.12).
Ivan De Marino committed Jul 25, 2022
1 parent 9637d90 commit d48f2b8
Showing 1 changed file with 7 additions and 74 deletions.
81 changes: 7 additions & 74 deletions internal/provider/data_source_certificate.go
Expand Up @@ -84,83 +84,16 @@ func (dst *certificateDataSourceType) GetSchema(_ context.Context) (tfsdk.Schema
Computed: true,
MarkdownDescription: "Unique identifier of this data source: hashing of the certificates in the chain.",
},
},
Blocks: map[string]tfsdk.Block{
"certificates": {
NestingMode: tfsdk.BlockNestingModeList,
MinItems: 0,
// TODO Remove the validators below, once a fix for https://github.com/hashicorp/terraform-plugin-framework/issues/421 ships
Validators: []tfsdk.AttributeValidator{
listvalidator.SizeAtLeast(0),
},
Attributes: map[string]tfsdk.Attribute{
"signature_algorithm": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "The algorithm used to sign the certificate.",
},
"public_key_algorithm": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "The key algorithm used to create the certificate.",
},
"serial_number": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "Number that uniquely identifies the certificate with the CA's system. " +
"The `format` function can be used to convert this _base 10_ number " +
"into other bases, such as hex.",
},
"is_ca": {
Type: types.BoolType,
Computed: true,
MarkdownDescription: "`true` if the certificate is of a CA (Certificate Authority).",
},
"version": {
Type: types.Int64Type,
Computed: true,
MarkdownDescription: "The version the certificate is in.",
},
"issuer": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "Who verified and signed the certificate, roughly following " +
"[RFC2253](https://tools.ietf.org/html/rfc2253).",
},
"subject": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "The entity the certificate belongs to, roughly following " +
"[RFC2253](https://tools.ietf.org/html/rfc2253).",
},
"not_before": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "The time after which the certificate is valid, as an " +
"[RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.",
},
"not_after": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "The time until which the certificate is invalid, as an " +
"[RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.",
},
"sha1_fingerprint": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "The SHA1 fingerprint of the public key of the certificate.",
},
"cert_pem": {
Type: types.StringType,
Computed: true,
MarkdownDescription: "Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. " +
"**NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) " +
"[libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this " +
"value append a `\\n` at the end of the PEM. " +
"In case this disrupts your use case, we recommend using " +
"[`trimspace()`](https://www.terraform.io/language/functions/trimspace).",
Type: types.ListType{
ElemType: types.ObjectType{
AttrTypes: x509CertObjectAttrTypes(),
},
},
Computed: true,
Validators: []tfsdk.AttributeValidator{
listvalidator.SizeAtLeast(1),
},
MarkdownDescription: "The certificates protecting the site, with the root of the chain first.",
},
},
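Review bot: the `Validators` entry on the new `certificates` attribute now reads `listvalidator.SizeAtLeast(1)` where the removed block had `MinItems: 0` and `listvalidator.SizeAtLeast(0)`, and the commit message does not mention raising the minimum. The attribute is `Computed: true` with no `Optional` or `Required`, so it is never set in configuration; please confirm the validator is actually evaluated against the value the read produces, and if it is not, drop it and enforce a non-empty chain in the read logic instead. Separately, the removed block carried a `MarkdownDescription` per field (for example the trailing newline and `trimspace()` note on `cert_pem`, and the base 10 note on `serial_number`), while `types.ObjectType{AttrTypes: x509CertObjectAttrTypes()}` shows no per-field descriptions in this hunk; consider folding them into the list's `MarkdownDescription` or the data source docs so they are not lost. `x509CertObjectAttrTypes()` is not visible here, so it is worth checking that its keys and types match the eleven removed attributes (`version` as Int64, `is_ca` as Bool, the rest String).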