Merge pull request #121 from imperva/custom_certificate_fix

BrachaY · web-flow · commit 1dc6ffb56f0b · 2022-01-03T06:25:53.000+02:00
Custom certificate fix
diff --git a/incapsula/client_certificate.go b/incapsula/client_certificate.go
@@ -1,13 +1,11 @@
 package incapsula
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net/url"
-	"strings"
 )
 
 // Endpoints (unexported consts)
@@ -35,12 +33,6 @@ type CertificateEditResponse struct {
 
 // AddCertificate adds a custom SSL certificate to a site in Incapsula
 func (c *Client) AddCertificate(siteID, certificate, privateKey, passphrase string) (*CertificateAddResponse, error) {
-	certificate = strings.TrimSpace(certificate)
-	_, err := base64.StdEncoding.DecodeString(certificate)
-	if err != nil {
-		// This is not a valid base64 encoded string
-		certificate = base64.StdEncoding.EncodeToString([]byte(certificate))
-	}
 
 	log.Printf("[INFO] Adding custom certificate for site_id: %s", siteID)
 
@@ -50,8 +42,7 @@ func (c *Client) AddCertificate(siteID, certificate, privateKey, passphrase stri
 	}
 
 	if privateKey != "" {
-		b64PrivateKey := base64.StdEncoding.EncodeToString([]byte(strings.TrimSpace(privateKey)))
-		values.Set("private_key", b64PrivateKey)
+		values.Set("private_key", privateKey)
 	}
 	if passphrase != "" {
 		values.Set("passphrase", passphrase)
@@ -122,18 +113,17 @@ func (c *Client) ListCertificates(siteID string) (*CertificateListResponse, erro
 
 // EditCertificate updates the custom certifiacte on an Incapsula site
 func (c *Client) EditCertificate(siteID, certificate, privateKey, passphrase string) (*CertificateEditResponse, error) {
-	b64Certificate := base64.StdEncoding.EncodeToString([]byte(strings.TrimSpace(certificate)))
 
 	log.Printf("[INFO] Editing custom certificate for Incapsula site_id: %s\n", siteID)
 
 	values := url.Values{
 		"site_id":     {siteID},
-		"certificate": {b64Certificate},
+		"certificate": {certificate},
 	}
 
 	if privateKey != "" {
-		b64PrivateKey := base64.StdEncoding.EncodeToString([]byte(strings.TrimSpace(privateKey)))
-		values.Set("private_key", b64PrivateKey)
+		values.Set("private_key", privateKey)
+
 	}
 	if passphrase != "" {
 		values.Set("passphrase", passphrase)
diff --git a/incapsula/client_policy_asset_association.go b/incapsula/client_policy_asset_association.go
@@ -15,7 +15,7 @@ type PolicyAssetAssociationStatus struct {
 
 // AddPolicyAssetAssociation adds a policy to be managed by Incapsula
 func (c *Client) AddPolicyAssetAssociation(policyID, assetID, assetType string) error {
-	log.Printf("[INFO] Adding Incapsula Policy Asset Association: %s-%s-%s\n", policyID, assetID, assetType)
+	log.Printf("[INFO] Adding Incapsula Policy Asset Association: %s/%s/%s\n", policyID, assetID, assetType)
 
 	// Post form to Incapsula
 	reqURL := fmt.Sprintf("%s/policies/v2/assets/%s/%s/policies/%s", c.config.BaseURLAPI, assetType, assetID, policyID)
@@ -41,7 +41,7 @@ func (c *Client) AddPolicyAssetAssociation(policyID, assetID, assetType string)
 
 // DeletePolicyAssetAssociation deletes a policy asset association currently managed by Incapsula
 func (c *Client) DeletePolicyAssetAssociation(policyID, assetID, assetType string) error {
-	log.Printf("[INFO] Deleting Incapsula Policy Asset Association: %s-%s-%s\n", policyID, assetID, assetType)
+	log.Printf("[INFO] Deleting Incapsula Policy Asset Association: %s/%s/%s\n", policyID, assetID, assetType)
 
 	// Delete request to Incapsula
 	reqURL := fmt.Sprintf("%s/policies/v2/assets/%s/%s/policies/%s", c.config.BaseURLAPI, assetType, assetID, policyID)
@@ -66,32 +66,32 @@ func (c *Client) DeletePolicyAssetAssociation(policyID, assetID, assetType strin
 }
 
 func (c *Client) isPolicyAssetAssociated(policyID, assetID, assetType string) (bool, error) {
-	log.Printf("[INFO] Checking Policy Asset Association: %s-%s-%s\n", policyID, assetID, assetType)
+	log.Printf("[INFO] Checking Policy Asset Association: %s/%s/%s\n", policyID, assetID, assetType)
 
 	// Check with Policies if the association exist
 	reqURL := fmt.Sprintf("%s/policies/v2/policies/%s/assets/%s/%s", c.config.BaseURLAPI, policyID, assetType, assetID)
 	resp, err := c.DoJsonRequestWithHeaders(http.MethodGet, reqURL, nil)
 	if err != nil {
-		return false, fmt.Errorf("error from Incapsula service when checking if Policy Asset Association exist: %s-%s-%s, err: %s", policyID, assetID, assetType, err)
+		return false, fmt.Errorf("error from Incapsula service when checking if Policy Asset Association exist: %s/%s/%s, err: %s", policyID, assetID, assetType, err)
 	}
 
 	// Read the body
 	defer resp.Body.Close()
 	responseBody, err := ioutil.ReadAll(resp.Body)
 
-	log.Printf("[DEBUG] Incapsula isPolicyAssetAssociated for: %s-%s-%s , response is: %s\n", policyID, assetID, assetType, string(responseBody))
+	log.Printf("[DEBUG] Incapsula isPolicyAssetAssociated for: %s/%s/%s , response is: %s\n", policyID, assetID, assetType, string(responseBody))
 
 	// Check the response code
 	// If policy asset is not associated 404 will be returned from policies
 	if resp.StatusCode != 200 {
-		return false, fmt.Errorf("Error status code %d from Incapsula service when checking the reading Policy Asset Association: %s-%s-%s, response is: %s", resp.StatusCode, policyID, assetID, assetType, string(responseBody))
+		return false, fmt.Errorf("Error status code %d from Incapsula service when checking the reading Policy Asset Association: %s/%s/%s, response is: %s", resp.StatusCode, policyID, assetID, assetType, string(responseBody))
 	}
 
 	// Parse the JSON
 	var policyAssetAssociationStatus PolicyAssetAssociationStatus
 	err = json.Unmarshal([]byte(responseBody), &policyAssetAssociationStatus)
 	if err != nil {
-		return false, fmt.Errorf("error parsing Policy Asset Association JSON response for Policy Asset Association: %d-%s-%s: %s\nresponse: %s, err: %s", resp.StatusCode, policyID, assetID, assetType, err, string(responseBody))
+		return false, fmt.Errorf("error parsing Policy Asset Association JSON response for Policy Asset Association: %d/%s/%s: %s\nresponse: %s, err: %s", resp.StatusCode, policyID, assetID, assetType, err, string(responseBody))
 	}
 
 	return true, nil
diff --git a/incapsula/resource_certificate.go b/incapsula/resource_certificate.go
@@ -10,7 +10,7 @@ func resourceCertificate() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceCertificateCreate,
 		Read:   resourceCertificateRead,
-		Update: nil,
+		Update: resourceCertificateUpdate,
 		Delete: resourceCertificateDelete,
 		Importer: &schema.ResourceImporter{
 			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
@@ -31,21 +31,18 @@ func resourceCertificate() *schema.Resource {
 				Description: "The certificate file in base64 format.",
 				Type:        schema.TypeString,
 				Required:    true,
-				ForceNew:    true,
 			},
 			// Optional Arguments
 			"private_key": {
 				Description: "The private key of the certificate in base64 format. Optional in case of PFX certificate file format. This will be encoded in sha256 in terraform state.",
 				Type:        schema.TypeString,
 				Optional:    true,
-				ForceNew:    true,
 				Sensitive:   true,
 			},
 			"passphrase": {
 				Description: "The passphrase used to protect your SSL certificate. This will be encoded in sha256 in terraform state.",
 				Type:        schema.TypeString,
 				Optional:    true,
-				ForceNew:    true,
 				Sensitive:   true,
 			},
 		},
diff --git a/website/docs/r/custom_certificate.html.markdown b/website/docs/r/custom_certificate.html.markdown
@@ -16,8 +16,8 @@ Custom certificates must be one of the following formats: PFX, PEM, or CER.
 ```hcl
 resource "incapsula_custom_certificate" "custom-certificate" {
     site_id = incapsula_site.example-site.id
-    certificate = "${file("path/to/your/cert.crt")}"
-    private_key = "${file("path/to/your/private_key.key")}"
+    certificate = filebase64("${"path/to/your/cert.crt"}")
+    private_key = filebase64("${"path/to/your/private_key.key"}")
     passphrase = "yourpassphrase"
 }
 ```
