Add support for load balancer certificate imports

alexng-canuck · alexng-canuck · commit 0645c4c3c790 · 2019-10-04T16:38:45.000-07:00
This requires a new composite ID for load balancer certificates
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@
 - Support for specifying network_type in `launch_options` for the `core_instance` resource
 - Support for `home_region` and `time_created` attributes in health_checks resources and datasources
 - Support for custom scheduled backup policies in Block Storage 
+- Support for importing `oci_load_balancer_certificate` resource
+
+### Notes
+Starting with this version, newly created load balancer certificates will have an `id` in the form of `loadBalancers/{loadBalancerId}/certificates/{certificateName}`.
+Load balancer certificates created with previous versions and upgrading to this version will continue to store `id` in the form of `{certificateName}`.
 
 ## 3.46.0 (October 02, 2019)
 
diff --git a/examples/load_balancer/lb_full/lb_full.tf b/examples/load_balancer/lb_full/lb_full.tf
@@ -349,7 +349,7 @@ resource "oci_load_balancer_rule_set" "test_rule_set" {
 
     conditions {
       attribute_name  = "SOURCE_VCN_ID"
-      attribute_value = "${oci_core_virtual_network.vcn1.id}"
+      attribute_value = "${oci_core_vcn.vcn1.id}"
     }
 
     conditions {
diff --git a/oci/load_balancer_certificate_resource.go b/oci/load_balancer_certificate_resource.go
@@ -5,6 +5,11 @@ package provider
 import (
 	"context"
 	"errors"
+	"fmt"
+	"log"
+	"net/url"
+	"regexp"
+	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"
 
@@ -13,6 +18,9 @@ import (
 
 func LoadBalancerCertificateResource() *schema.Resource {
 	return &schema.Resource{
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
 		Timeouts: DefaultTimeout,
 		Create:   createLoadBalancerCertificate,
 		Read:     readLoadBalancerCertificate,
@@ -102,12 +110,12 @@ type LoadBalancerCertificateResourceCrud struct {
 }
 
 func (s *LoadBalancerCertificateResourceCrud) ID() string {
-	id, workSuccess := LoadBalancerResourceID(s.Res, s.WorkRequest)
-	if id != nil {
-		return *id
-	}
-	if workSuccess {
-		return s.D.Get("certificate_name").(string)
+	if s.WorkRequest != nil {
+		if s.WorkRequest.LifecycleState == oci_load_balancer.WorkRequestLifecycleStateSucceeded {
+			return getCertificateCompositeId(s.D.Get("certificate_name").(string), s.D.Get("load_balancer_id").(string))
+		} else {
+			return *s.WorkRequest.Id
+		}
 	}
 	return ""
 }
@@ -211,14 +219,25 @@ func (s *LoadBalancerCertificateResourceCrud) Get() error {
 		request.LoadBalancerId = &tmp
 	}
 
+	certificateName := s.D.Get("certificate_name").(string)
+
+	if !strings.HasPrefix(s.D.Id(), "ocid1.loadbalancerworkrequest.") {
+		certNameFromId, loadBalancerId, err := parseCertificateCompositeId(s.D.Id())
+		if err == nil {
+			certificateName = certNameFromId
+			request.LoadBalancerId = &loadBalancerId
+		} else {
+			log.Printf("[WARN] Get() unable to parse current ID: %s", s.D.Id())
+		}
+	}
+
 	request.RequestMetadata.RetryPolicy = getRetryPolicy(s.DisableNotFoundRetries, "load_balancer")
 
 	response, err := s.Client.ListCertificates(context.Background(), request)
 	if err != nil {
 		return err
 	}
 
-	certificateName := s.D.Get("certificate_name").(string)
 	for _, item := range response.Items {
 		if *item.CertificateName == certificateName {
 			s.Res = &item
@@ -269,6 +288,15 @@ func (s *LoadBalancerCertificateResourceCrud) SetData() error {
 	if s.Res == nil {
 		return nil
 	}
+
+	certificateName, loadBalancerId, err := parseCertificateCompositeId(s.D.Id())
+	if err == nil {
+		s.D.Set("certificate_name", &certificateName)
+		s.D.Set("load_balancer_id", &loadBalancerId)
+	} else {
+		log.Printf("[WARN] SetData() unable to parse current ID: %s", s.D.Id())
+	}
+
 	if s.Res.CaCertificate != nil {
 		s.D.Set("ca_certificate", *s.Res.CaCertificate)
 	}
@@ -283,3 +311,23 @@ func (s *LoadBalancerCertificateResourceCrud) SetData() error {
 
 	return nil
 }
+
+func getCertificateCompositeId(certificateName string, loadBalancerId string) string {
+	certificateName = url.PathEscape(certificateName)
+	loadBalancerId = url.PathEscape(loadBalancerId)
+	compositeId := "loadBalancers/" + loadBalancerId + "/certificates/" + certificateName
+	return compositeId
+}
+
+func parseCertificateCompositeId(compositeId string) (certificateName string, loadBalancerId string, err error) {
+	parts := strings.Split(compositeId, "/")
+	match, _ := regexp.MatchString("loadBalancers/.*/certificates/.*", compositeId)
+	if !match || len(parts) != 4 {
+		err = fmt.Errorf("illegal compositeId %s encountered", compositeId)
+		return
+	}
+	loadBalancerId, _ = url.PathUnescape(parts[1])
+	certificateName, _ = url.PathUnescape(parts[3])
+
+	return
+}
diff --git a/oci/load_balancer_certificate_test.go b/oci/load_balancer_certificate_test.go
@@ -104,6 +104,18 @@ func TestLoadBalancerCertificateResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(datasourceName, "certificates.0.public_certificate", "-----BEGIN CERTIFICATE-----\nMIIC9jCCAd4CCQD2rPUVJETHGzANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1NlYXR0bGUxDzANBgNVBAoMBk9yYWNs\nZTAeFw0xOTAxMTcyMjU4MDVaFw0yMTAxMTYyMjU4MDVaMD0xCzAJBgNVBAYTAlVT\nMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwGT3JhY2xl\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30+wt7OlUB/YpmWbTRkx\nnLG0lKWiV+oupNKj8luXmC5jvOFTUejt1pQhpA47nCqywlOAfk2N8hJWTyJZUmKU\n+DWVV2So2B/obYxpiiyWF2tcF/cYi1kBYeAIu5JkVFwDe4ITK/oQUFEhIn3Qg/oC\nMQ2985/MTdCXONgnbmePU64GrJwfvOeJcQB3VIL1BBfISj4pPw5708qTRv5MJBOO\njLKRM68KXC5us4879IrSA77NQr1KwjGnQlykyCgGvvgwgrUTd5c/dH8EKrZVcFi6\nytM66P/1CTpk1YpbI4gqiG0HBbuXG4JRIjyzW4GT4JXeSjgvrkIYL8k/M4Az1WEc\n2wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAuI53m8Va6EafDi6GQdQrzNNQFCAVQ\nxIABAB0uaSYCs3H+pqTktHzOrOluSUEogXRl0UU5/OuvxAz4idA4cfBdId4i7AcY\nqZsBjA/xqH/rxR3pcgfaGyxQzrUsJFf0ZwnzqYJs7fUvuatHJYi/cRBxrKR2+4Oj\nlUbb9TSmezlzHK5CaD5XzN+lZqbsSvN3OQbOryJCbtjZVQFGZ1SmL6OLrwpbBKuP\nn2ob+gaP57YSzO3zk1NDXMlQPHRsdSOqocyKx8y+7J0g6MqPvBzIe+wI3QW85MQY\nj1/IHmj84LNGp7pHCyiYx/oI+00gRch04H2pJv0TP3sAQ37gplBwDrUo\n-----END CERTIFICATE-----"),
 				),
 			},
+			// verify resource import
+			{
+				Config:            config,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"passphrase",
+					"private_key",
+					"state",
+				},
+				ResourceName: resourceName,
+			},
 		},
 	})
 }
diff --git a/website/docs/r/load_balancer_certificate.html.markdown b/website/docs/r/load_balancer_certificate.html.markdown
@@ -117,5 +117,9 @@ The following attributes are exported:
 
 ## Import
 
-Import is not supported for this resource.
+Certificates can be imported using the `id`, e.g.
+
+```
+$ terraform import oci_load_balancer_certificate.test_certificate "loadBalancers/{loadBalancerId}/certificates/{certificateName}" 
+```
 

Original file line number	Diff line number	Diff line change
`@@ -349,7 +349,7 @@ resource "oci_load_balancer_rule_set" "test_rule_set" {`
`349`	`349`
`350`	`350`	`conditions {`
`351`	`351`	`attribute_name = "SOURCE_VCN_ID"`
`352`		`- attribute_value = "${oci_core_virtual_network.vcn1.id}"`
	`352`	`+ attribute_value = "${oci_core_vcn.vcn1.id}"`
`353`	`353`	`}`
`354`	`354`
`355`	`355`	`conditions {`