Implement certificate rotation with internal and external CA #86
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduced two new resources: "vcf_certificate" and "vcf_external_certificate" that facilitate the rotation of SDDC Resource certificates via internal and external CA. Common operations have been extracted into the certificate_operations.go file and the schema for the certificate details has been extracted into certificate_subresource.go. Since the creation of CSR, rotation of certificate are a one-off operations I've decided to form their id with the following formula: <operation>:<domain_id>:<resource_type>:<task_id> to uniquely identify the operation instance. Testing done: make build make lint make test Signed-off-by: Dimitar Proynov <[email protected]>
dimitarproynov
requested review from
raj-chelur,
tenthirtyam,
pandeyhere and
vasilsatanasov
raj-chelur
previously approved these changes
Nov 16, 2023
tenthirtyam
previously approved these changes
Nov 17, 2023
Validation did not take into account that the last octet can be something different from 0. Testing done: make build make lint make test Signed-off-by: Dimitar Proynov <[email protected]>
dimitarproynov
dismissed stale reviews from tenthirtyam and raj-chelur
via
7704758
added 2 commits
November 21, 2023 11:13
The GET method on a CSR returns 400 if the CSR has been used to replace a certificate, failing the post-creation refresh of the E2E tests. Thus, I've moved all the code from "read" to create, which does have UX implications, but at least will not crash Terraform. With a subsequent introduction of the "lifecycle" subresource the UX issue will be solved. Added nil pointer dereference guards in the certificate_subresource.go and removed some always nil properties from the schema. Increased timeout for certificate replacement as it is a slow operation. Testing done: make build make lint make test === RUN TestAccResourceVcfResourceCertificate === PAUSE TestAccResourceVcfResourceCertificate === CONT TestAccResourceVcfResourceCertificate --- PASS: TestAccResourceVcfResourceCertificate (1260.32s) PASS Signed-off-by: Dimitar Proynov <[email protected]>
API allows only cert chain or cert + CA cert combination. Testing done: make build make lint make test === RUN TestAccResourceVcfResourceExternalCertificate === PAUSE TestAccResourceVcfResourceExternalCertificate === CONT TestAccResourceVcfResourceExternalCertificate --- PASS: TestAccResourceVcfResourceExternalCertificate (1596.07s) PASS Signed-off-by: Dimitar Proynov <[email protected]>
Also rename "vcf_resource_csr" to "vcf_csr" Testing done: make build make lint make test Signed-off-by: Dimitar Proynov <[email protected]>
|
I'm going to lock this pull request because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduced two new resources: "vcf_certificate" and "vcf_external_certificate" that facilitate the rotation of SDDC Resource certificates via internal and external CA.
Common operations have been extracted into the certificate_operations.go file and the schema for the certificate details has been extracted into certificate_subresource.go.
Since the creation of CSR, rotation of certificate are a one-off operations I've decided to form their id with the following formula: :<domain_id>:<resource_type>:<task_id> to uniquely identify the operation instance.
Summary of Pull Request
Type of Pull Request
Please describe:
Related to Existing Issues
Issue Number: N/A
Test and Documentation Coverage
For bug fixes or features:
Testing done:
make build
make lint
make test
=== RUN TestAccResourceVcfResourceExternalCertificate
=== PAUSE TestAccResourceVcfResourceExternalCertificate
=== CONT TestAccResourceVcfResourceExternalCertificate
--- PASS: TestAccResourceVcfResourceExternalCertificate (1596.07s)
PASS
=== RUN TestAccResourceVcfResourceCertificate
=== PAUSE TestAccResourceVcfResourceCertificate
=== CONT TestAccResourceVcfResourceCertificate
--- PASS: TestAccResourceVcfResourceCertificate (1260.32s)
PASS
Breaking Changes?