Merge pull request #5863 from cloudflare/tamas/zero_trust_access_mtls_certificate

chore: modernize zero_trust_access_mtls_certificate tests

Author: tamas-jozsa

internal/services/zero_trust_access_mtls_certificate/resource_test.go

@@ -12,7 +12,10 @@ import (
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/utils"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/statecheck"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
 )
 
 func init() {
@@ -62,7 +65,6 @@ func testSweepCloudflareAccessMutualTLSCertificate(r string) error {
 }
 
 func TestAccCloudflareAccessMutualTLSBasic(t *testing.T) {
-	t.Skip(`FIXME: "DELETE, 409 Conflict, access.api.error.conflict: certificate has active associations"`)
 	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
 	// service does not yet support the API tokens and it results in
 	// misleading state error messages.
@@ -71,7 +73,7 @@ func TestAccCloudflareAccessMutualTLSBasic(t *testing.T) {
 	}
 
 	rnd := utils.GenerateRandomResourceName()
-	name := fmt.Sprintf("cloudflare_zero_trust_access_mtls_certificate.%s", rnd)
+	resourceName := fmt.Sprintf("cloudflare_zero_trust_access_mtls_certificate.%s", rnd)
 	cert := os.Getenv("CLOUDFLARE_MUTUAL_TLS_CERTIFICATE")
 	domain := os.Getenv("CLOUDFLARE_DOMAIN")
 	accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
@@ -86,12 +88,22 @@ func TestAccCloudflareAccessMutualTLSBasic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccessMutualTLSCertificateConfigBasic(rnd, cloudflare.AccountIdentifier(accountID), cert, domain),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(name, consts.AccountIDSchemaKey, accountID),
-					resource.TestCheckResourceAttr(name, "name", rnd),
-					resource.TestCheckResourceAttrSet(name, "certificate"),
-					resource.TestCheckResourceAttr(name, "associated_hostnames.#", "2"),
-				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(consts.AccountIDSchemaKey), knownvalue.StringExact(accountID)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("name"), knownvalue.StringExact(rnd)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("certificate"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("associated_hostnames"), knownvalue.ListSizeExact(2)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("id"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("fingerprint"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("expires_on"), knownvalue.NotNull()),
+				},
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateIdPrefix:     fmt.Sprintf("accounts/%s/", accountID),
+				ImportStateVerifyIgnore: []string{"certificate"},
 			},
 			{
 				// Ensures no diff on last plan
@@ -100,12 +112,15 @@ func TestAccCloudflareAccessMutualTLSBasic(t *testing.T) {
 			},
 			{
 				Config: testAccessMutualTLSCertificateUpdated(rnd, cloudflare.AccountIdentifier(accountID), cert),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(name, consts.AccountIDSchemaKey, accountID),
-					resource.TestCheckResourceAttr(name, "name", rnd),
-					resource.TestCheckResourceAttrSet(name, "certificate"),
-					resource.TestCheckResourceAttr(name, "associated_hostnames.#", "0"),
-				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(consts.AccountIDSchemaKey), knownvalue.StringExact(accountID)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("name"), knownvalue.StringExact(rnd)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("certificate"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("associated_hostnames"), knownvalue.ListSizeExact(0)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("id"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("fingerprint"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("expires_on"), knownvalue.NotNull()),
+				},
 			},
 			{
 				// Ensures no diff on last plan
@@ -117,7 +132,6 @@ func TestAccCloudflareAccessMutualTLSBasic(t *testing.T) {
 }
 
 func TestAccCloudflareAccessMutualTLSBasicWithZoneID(t *testing.T) {
-	t.Skip(`FIXME: "POST, 409 Conflict, access.api.error.conflict: certificate already exists"`)
 	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
 	// service does not yet support the API tokens and it results in
 	// misleading state error messages.
@@ -126,7 +140,7 @@ func TestAccCloudflareAccessMutualTLSBasicWithZoneID(t *testing.T) {
 	}
 
 	rnd := utils.GenerateRandomResourceName()
-	name := fmt.Sprintf("cloudflare_zero_trust_access_mtls_certificate.%s", rnd)
+	resourceName := fmt.Sprintf("cloudflare_zero_trust_access_mtls_certificate.%s", rnd)
 	cert := os.Getenv("CLOUDFLARE_MUTUAL_TLS_CERTIFICATE")
 	domain := os.Getenv("CLOUDFLARE_DOMAIN")
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
@@ -140,12 +154,22 @@ func TestAccCloudflareAccessMutualTLSBasicWithZoneID(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccessMutualTLSCertificateConfigBasic(rnd, cloudflare.ZoneIdentifier(zoneID), cert, domain),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(name, consts.ZoneIDSchemaKey, zoneID),
-					resource.TestCheckResourceAttr(name, "name", rnd),
-					resource.TestCheckResourceAttrSet(name, "certificate"),
-					resource.TestCheckResourceAttr(name, "associated_hostnames.#", "2"),
-				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(consts.ZoneIDSchemaKey), knownvalue.StringExact(zoneID)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("name"), knownvalue.StringExact(rnd)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("certificate"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("associated_hostnames"), knownvalue.ListSizeExact(2)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("id"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("fingerprint"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("expires_on"), knownvalue.NotNull()),
+				},
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateIdPrefix:     fmt.Sprintf("zones/%s/", zoneID),
+				ImportStateVerifyIgnore: []string{"certificate"},
 			},
 			{
 				// Ensures no diff on last plan
@@ -154,12 +178,15 @@ func TestAccCloudflareAccessMutualTLSBasicWithZoneID(t *testing.T) {
 			},
 			{
 				Config: testAccessMutualTLSCertificateUpdated(rnd, cloudflare.ZoneIdentifier(zoneID), cert),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(name, consts.ZoneIDSchemaKey, zoneID),
-					resource.TestCheckResourceAttr(name, "name", rnd),
-					resource.TestCheckResourceAttrSet(name, "certificate"),
-					resource.TestCheckResourceAttr(name, "associated_hostnames.#", "0"),
-				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(consts.ZoneIDSchemaKey), knownvalue.StringExact(zoneID)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("name"), knownvalue.StringExact(rnd)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("certificate"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("associated_hostnames"), knownvalue.ListSizeExact(0)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("id"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("fingerprint"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("expires_on"), knownvalue.NotNull()),
+				},
 			},
 			{
 				// Ensures no diff on last plan
@@ -170,6 +197,107 @@ func TestAccCloudflareAccessMutualTLSBasicWithZoneID(t *testing.T) {
 	})
 }
 
+func TestAccCloudflareAccessMutualTLSMinimal(t *testing.T) {
+	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
+	// service does not yet support the API tokens and it results in
+	// misleading state error messages.
+	if os.Getenv("CLOUDFLARE_API_TOKEN") != "" {
+		t.Setenv("CLOUDFLARE_API_TOKEN", "")
+	}
+
+	rnd := utils.GenerateRandomResourceName()
+	resourceName := fmt.Sprintf("cloudflare_zero_trust_access_mtls_certificate.%s", rnd)
+	cert := os.Getenv("CLOUDFLARE_MUTUAL_TLS_CERTIFICATE")
+	accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.TestAccPreCheck(t)
+			acctest.TestAccPreCheck_AccountID(t)
+		},
+		ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+		CheckDestroy:             testAccCheckCloudflareAccessMutualTLSCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccessMutualTLSCertificateMinimal(rnd, cloudflare.AccountIdentifier(accountID), cert),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(consts.AccountIDSchemaKey), knownvalue.StringExact(accountID)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("name"), knownvalue.StringExact(rnd)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("certificate"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("associated_hostnames"), knownvalue.Null()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("id"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("fingerprint"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("expires_on"), knownvalue.NotNull()),
+				},
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateIdPrefix:     fmt.Sprintf("accounts/%s/", accountID),
+				ImportStateVerifyIgnore: []string{"certificate"},
+			},
+		},
+	})
+}
+
+func TestAccCloudflareAccessMutualTLSNameUpdate(t *testing.T) {
+	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
+	// service does not yet support the API tokens and it results in
+	// misleading state error messages.
+	if os.Getenv("CLOUDFLARE_API_TOKEN") != "" {
+		t.Setenv("CLOUDFLARE_API_TOKEN", "")
+	}
+
+	rnd := utils.GenerateRandomResourceName()
+	resourceName := fmt.Sprintf("cloudflare_zero_trust_access_mtls_certificate.%s", rnd)
+	cert := os.Getenv("CLOUDFLARE_MUTUAL_TLS_CERTIFICATE")
+	domain := os.Getenv("CLOUDFLARE_DOMAIN")
+	accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.TestAccPreCheck(t)
+			acctest.TestAccPreCheck_AccountID(t)
+		},
+		ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+		CheckDestroy:             testAccCheckCloudflareAccessMutualTLSCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccessMutualTLSCertificateConfigBasic(rnd, cloudflare.AccountIdentifier(accountID), cert, domain),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(consts.AccountIDSchemaKey), knownvalue.StringExact(accountID)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("name"), knownvalue.StringExact(rnd)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("certificate"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("associated_hostnames"), knownvalue.ListSizeExact(2)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("id"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("fingerprint"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("expires_on"), knownvalue.NotNull()),
+				},
+			},
+			{
+				Config: testAccessMutualTLSCertificateNameUpdated(rnd, cloudflare.AccountIdentifier(accountID), cert, domain),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(consts.AccountIDSchemaKey), knownvalue.StringExact(accountID)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("name"), knownvalue.StringExact(rnd+"-updated")),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("certificate"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("associated_hostnames"), knownvalue.ListSizeExact(1)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("id"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("fingerprint"), knownvalue.NotNull()),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("expires_on"), knownvalue.NotNull()),
+				},
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateIdPrefix:     fmt.Sprintf("accounts/%s/", accountID),
+				ImportStateVerifyIgnore: []string{"certificate"},
+			},
+		},
+	})
+}
+
 func testAccCheckCloudflareAccessMutualTLSCertificateDestroy(s *terraform.State) error {
 	client, clientErr := acctest.SharedV1Client() // TODO(terraform): replace with SharedV2Clent
 	if clientErr != nil {
@@ -206,3 +334,11 @@ func testAccessMutualTLSCertificateConfigBasic(rnd string, identifier *cloudflar
 func testAccessMutualTLSCertificateUpdated(rnd string, identifier *cloudflare.ResourceContainer, cert string) string {
 	return acctest.LoadTestCase("accessmutualtlscertificateupdated.tf", rnd, identifier.Type, identifier.Identifier, cert)
 }
+
+func testAccessMutualTLSCertificateMinimal(rnd string, identifier *cloudflare.ResourceContainer, cert string) string {
+	return acctest.LoadTestCase("accessmutualtlscertificateminimal.tf", rnd, identifier.Type, identifier.Identifier, cert)
+}
+
+func testAccessMutualTLSCertificateNameUpdated(rnd string, identifier *cloudflare.ResourceContainer, cert, domain string) string {
+	return acctest.LoadTestCase("accessmutualtlscertificatenameupdated.tf", rnd, identifier.Type, identifier.Identifier, cert, domain)
+}

internal/services/zero_trust_access_mtls_certificate/testdata/accessmutualtlscertificateminimal.tf

@@ -0,0 +1,29 @@
+resource "cloudflare_zero_trust_access_mtls_certificate" "%[1]s" {
+	name                 = "%[1]s"
+	%[2]s_id             = "%[3]s"
+	certificate          = <<EOT
+-----BEGIN CERTIFICATE-----
+MIID3jCCAsagAwIBAgIUciOXgGvXP8FX1ALvZ0NDqjKu1SMwDQYJKoZIhvcNAQEL
+BQAwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEPMA0GA1UEBxMGQXVz
+dGluMRcwFQYDVQQKEw5BY2Nlc3MgVGVzdGluZzELMAkGA1UECxMCVFgxLzAtBgNV
+BAMTJlRlcnJhZm9ybSBaZXJvIFRydXN0IEFjY2VzcyBUZXN0aW5nIENBMCAXDTI1
+MDcwMzAzNTYwMFoYDzIxMjUwNjA5MDM1NjAwWjCBhTELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xFzAVBgNVBAoTDkFjY2VzcyBU
+ZXN0aW5nMQswCQYDVQQLEwJUWDEvMC0GA1UEAxMmVGVycmFmb3JtIFplcm8gVHJ1
+c3QgQWNjZXNzIFRlc3RpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDEz6bGjvmQjDRSfEk/9MIKTi2L6qtCCy9o5ySYDMmU217G3gNjjEdEzTFl
+7u548ohskl2zaL1I8uty+egGiH6tqUl4th+5eXCOilPXskH9kC4BqEHUXtaz+I0X
+7oWMXHm0pyua81W3tJ+8pX4bl6+chthML18eVSY3lDCJ8CfODXknjMevjxqqANTF
+IqQh6+xhXQxB0U8HyibfdcMSxIAwUxs4t69ytmyC5NrIAbyzB+Y5Ifh9sgyyUM5x
+VdOBtyTnmOiEVYqMIE51yRyvmQOirhJ5FTOhKpTVQw2dIWzSXqPwl4iRlgIfNPQn
+rp+wdo2YKfiyog7zPIMloMHofEb7AgMBAAGjQjBAMA0GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQyNb1vM2Lip+HlmCE1HdSk0948zDAN
+BgkqhkiG9w0BAQsFAAOCAQEAngoeqEOLehP6xIbhxth/TIDJb+13TuLJWZFc8ggD
+/BT/lMMm5BT6Wp5rA2v4QTBrfqP1ly2gKF9IQvI6vH39Rt9fHpLrejx8DZtDSkX3
+z+ZtE9Gd1Fj4InJUhVK8VPPcXYbvZ52h87qCc8/WwXCE4uh4XIhUPjU2JfLXqMuO
+uY0+PHW1AxlJWnvzj0nyH/ucjWgNyfFr+9Gvd5O1UpPvbUcx3j1RXBlqV0h8dA4h
+PZ5Ik8uuugHbWhFaPGYIo4e/zP8Hz5XNi52RYErFPs5tRnYX+7N5Vrfr2qOZd81M
+rXsidsZdH6J5zN7l8Sis98lSMWNOlrluV/3Q94wQJdT27g==
+-----END CERTIFICATE-----
+EOT
+}

internal/services/zero_trust_access_mtls_certificate/testdata/accessmutualtlscertificatenameupdated.tf

@@ -0,0 +1,30 @@
+resource "cloudflare_zero_trust_access_mtls_certificate" "%[1]s" {
+	name                 = "%[1]s-updated"
+	%[2]s_id             = "%[3]s"
+	associated_hostnames = ["updated.%[5]s"]
+	certificate          = <<EOT
+-----BEGIN CERTIFICATE-----
+MIID3jCCAsagAwIBAgIUciOXgGvXP8FX1ALvZ0NDqjKu1SMwDQYJKoZIhvcNAQEL
+BQAwgYUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEPMA0GA1UEBxMGQXVz
+dGluMRcwFQYDVQQKEw5BY2Nlc3MgVGVzdGluZzELMAkGA1UECxMCVFgxLzAtBgNV
+BAMTJlRlcnJhZm9ybSBaZXJvIFRydXN0IEFjY2VzcyBUZXN0aW5nIENBMCAXDTI1
+MDcwMzAzNTYwMFoYDzIxMjUwNjA5MDM1NjAwWjCBhTELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xFzAVBgNVBAoTDkFjY2VzcyBU
+ZXN0aW5nMQswCQYDVQQLEwJUWDEvMC0GA1UEAxMmVGVycmFmb3JtIFplcm8gVHJ1
+c3QgQWNjZXNzIFRlc3RpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDEz6bGjvmQjDRSfEk/9MIKTi2L6qtCCy9o5ySYDMmU217G3gNjjEdEzTFl
+7u548ohskl2zaL1I8uty+egGiH6tqUl4th+5eXCOilPXskH9kC4BqEHUXtaz+I0X
+7oWMXHm0pyua81W3tJ+8pX4bl6+chthML18eVSY3lDCJ8CfODXknjMevjxqqANTF
+IqQh6+xhXQxB0U8HyibfdcMSxIAwUxs4t69ytmyC5NrIAbyzB+Y5Ifh9sgyyUM5x
+VdOBtyTnmOiEVYqMIE51yRyvmQOirhJ5FTOhKpTVQw2dIWzSXqPwl4iRlgIfNPQn
+rp+wdo2YKfiyog7zPIMloMHofEb7AgMBAAGjQjBAMA0GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQyNb1vM2Lip+HlmCE1HdSk0948zDAN
+BgkqhkiG9w0BAQsFAAOCAQEAngoeqEOLehP6xIbhxth/TIDJb+13TuLJWZFc8ggD
+/BT/lMMm5BT6Wp5rA2v4QTBrfqP1ly2gKF9IQvI6vH39Rt9fHpLrejx8DZtDSkX3
+z+ZtE9Gd1Fj4InJUhVK8VPPcXYbvZ52h87qCc8/WwXCE4uh4XIhUPjU2JfLXqMuO
+uY0+PHW1AxlJWnvzj0nyH/ucjWgNyfFr+9Gvd5O1UpPvbUcx3j1RXBlqV0h8dA4h
+PZ5Ik8uuugHbWhFaPGYIo4e/zP8Hz5XNi52RYErFPs5tRnYX+7N5Vrfr2qOZd81M
+rXsidsZdH6J5zN7l8Sis98lSMWNOlrluV/3Q94wQJdT27g==
+-----END CERTIFICATE-----
+EOT
+}