Support sub-account on resource_mtls_client_to_imperva_certificate_site_association (#555)

* resource_mtls_client_to_imperva_certificate_site_association should support sub-account

* Removed unnecessary log prints

* Added account_is to importer block

* Returning nil when parsing fails

* Fixed error variable

Author: Hadar-imperva

incapsula/client_mtls_client_to_imperva_certificate_site_association.go

@@ -9,10 +9,14 @@ import (
 	"strings"
 )
 
-func (c *Client) GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID int) (*ClientCaCertificateWithSites, bool, error) {
+func (c *Client) GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID int, accountId string) (*ClientCaCertificateWithSites, bool, error) {
 	log.Printf("[INFO] Getting Site to mutual TLS Imperva to Origin Certificate association for Site ID %d", siteID)
 	reqURL := fmt.Sprintf("%s/certificate-manager/v2/sites/%d/client-certificates", c.config.BaseURLAPI, siteID)
 
+	if accountId != "" {
+		reqURL = fmt.Sprintf("%s?caid=%s", reqURL, accountId)
+	}
+
 	resp, err := c.DoJsonRequestWithHeaders(http.MethodGet, reqURL, nil, ReadMtlsClientToImpervaCertifiateSiteAssociation)
 	if err != nil {
 		return nil, true, fmt.Errorf("[ERROR] Error getting Site to mutual TLS Client to Imperva Certificate association for Site ID %d, certificate ID %d\n%v", siteID, certificateID, err)
@@ -57,9 +61,14 @@ func (c *Client) GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certif
 	}
 }
 
-func (c *Client) CreateSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID int) error {
+func (c *Client) CreateSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID int, accountId string) error {
 	log.Printf("[INFO] Updating Site to mutual TLS Client to Imperva Certificate Association certificate ID %d for Site ID %d", certificateID, siteID)
 	reqURL := fmt.Sprintf("%s/certificate-manager/v2/sites/%d/client-certificates/%d", c.config.BaseURLAPI, siteID, certificateID)
+
+	if accountId != "" {
+		reqURL = fmt.Sprintf("%s?caid=%s", reqURL, accountId)
+	}
+
 	resp, err := c.DoJsonRequestWithHeaders(http.MethodPost, reqURL, nil, CreateMtlsClientToImpervaCertifiateSiteAssociation)
 	if err != nil {
 		return fmt.Errorf("[ERROR] Error creating Incapsula Site to mutual TLS Client to Imperva Certificate Association for certificate ID %d, Site ID %d\n%s", certificateID, siteID, err)
@@ -76,10 +85,14 @@ func (c *Client) CreateSiteMtlsClientToImpervaCertificateAssociation(certificate
 	return nil
 }
 
-func (c *Client) DeleteSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID int) error {
+func (c *Client) DeleteSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID int, accountId string) error {
 	log.Printf("[INFO] Unassigning Site to mutual TLS Client to Imperva Certificate Association certificate ID %d for Site ID %d", certificateID, siteID)
 	reqURL := fmt.Sprintf("%s/certificate-manager/v2/sites/%d/client-certificates/%d", c.config.BaseURLAPI, siteID, certificateID)
 
+	if accountId != "" {
+		reqURL = fmt.Sprintf("%s?caid=%s", reqURL, accountId)
+	}
+
 	resp, err := c.DoJsonRequestWithHeaders(http.MethodDelete, reqURL, nil, DeleteMtlsClientToImpervaCertifiateSiteAssociation)
 	if err != nil {
 		return fmt.Errorf("[ERROR] Error deleting Incapsula Site to mutual TLS Client to Imperva Certificate Association certificate ID %d for Site ID %d\n%s", certificateID, siteID, err)

incapsula/client_mtls_client_to_imperva_certificate_site_association_test.go

@@ -19,7 +19,7 @@ func TestClientGetSiteMtlsClientToImpervaCertificateAssociationBadConnection(t *
 	siteID := 42
 	certificateID := 100
 
-	_, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+	_, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 	if err == nil {
 		t.Errorf("Should have received an error")
 	}
@@ -49,7 +49,7 @@ func TestClientGetSiteMtlsClientToImpervaCertificateAssociationBadJSON(t *testin
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	clientCaCertificateWithSites, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+	clientCaCertificateWithSites, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")
@@ -94,7 +94,7 @@ func TestClientGetSiteMtlsClientToImpervaCertificateAssociationInvalidConfig(t *
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	clientCaCertificateWithSites, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+	clientCaCertificateWithSites, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")
@@ -143,7 +143,7 @@ func TestClientGetSiteMtlsClientToImpervaCertificateAssociationValidConfig(t *te
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	clientCaCertificateWithSites, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+	clientCaCertificateWithSites, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 
 	if err != nil {
 		t.Errorf("Should not have received an error")
@@ -163,7 +163,7 @@ func TestClientCreateSiteMtlsClientToImpervaCertificateAssociationBadConnection(
 	siteID := 42
 	certificateID := 100
 
-	err := client.CreateSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+	err := client.CreateSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 	if err == nil {
 		t.Errorf("Should have received an error")
 	}
@@ -191,7 +191,7 @@ func TestClientCreateSiteMtlsClientToImpervaCertificateAssociationInvalidConfig(
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	err := client.CreateSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID)
+	err := client.CreateSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")
@@ -220,7 +220,7 @@ func TestClientCreateSiteMtlsClientToImpervaCertificateAssociationValidConfig(t
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	err := client.CreateSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID)
+	err := client.CreateSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID, "")
 
 	if err != nil {
 		t.Errorf("Should not have received an error")
@@ -237,7 +237,7 @@ func TestClientDeleteSiteMtlsClientToImpervaCertificateAssociationBadConnection(
 	siteID := 42
 	certificateID := 100
 
-	err := client.DeleteSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+	err := client.DeleteSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 	if err == nil {
 		t.Errorf("Should have received an error")
 	}
@@ -265,7 +265,7 @@ func TestClientDeleteSiteMtlsClientToImpervaCertificateAssociationInvalidConfig(
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	err := client.DeleteSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID)
+	err := client.DeleteSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")
@@ -294,7 +294,7 @@ func TestClientDeleteSiteMtlsClientToImpervaCertificateAssociationValidConfig(t
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	err := client.DeleteSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID)
+	err := client.DeleteSiteMtlsClientToImpervaCertificateAssociation(certificateID, siteID, "")
 
 	if err != nil {
 		t.Errorf("Should not have received an error on delete Client to Imperva Certificate Association ")

incapsula/resource_mtls_client_to_imperva_certificate_site_association.go

@@ -18,23 +18,32 @@ func resourceMtlsClientToImpervaCertificateSiteAssociation() *schema.Resource {
 			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 				d.MarkNewResource()
 				idSlice := strings.Split(d.Id(), "/")
-				if len(idSlice) != 2 || idSlice[0] == "" || idSlice[1] == "" {
-					return nil, fmt.Errorf("unexpected format of Incapsula Client to Imperva CA Certificate Site Association resource ID, expected site_id/certificate_id, got %s", d.Id())
+				if len(idSlice) < 2 || len(idSlice) > 3 || idSlice[0] == "" || idSlice[1] == "" {
+					return nil, fmt.Errorf("unexpected format of Incapsula Client to Imperva CA Certificate Site Association resource ID, expected site_id/certificate_id/account_id(optional), got %s", d.Id())
 				}
 
 				_, err := strconv.Atoi(idSlice[0])
 				if err != nil {
-					fmt.Errorf("failed to convert Site Id from import command, actual value: %s, expected numeric id", idSlice[0])
+					return nil, fmt.Errorf("failed to convert Site Id from import command, actual value: %s, expected numeric id", idSlice[0])
 				}
 
 				_, err = strconv.Atoi(idSlice[1])
 				if err != nil {
-					fmt.Errorf("failed to convert Certificate Id from import command, actual value: %s, expected numeric id", idSlice[1])
+					return nil, fmt.Errorf("failed to convert Certificate Id from import command, actual value: %s, expected numeric id", idSlice[1])
 				}
 
 				d.Set("site_id", idSlice[0])
 				d.Set("certificate_id", idSlice[1])
 
+				if len(idSlice) == 3 {
+					_, err = strconv.Atoi(idSlice[2])
+					if err != nil || idSlice[2] == "" {
+						return nil, fmt.Errorf("failed to convert account Id from import command, actual value: %s, expected numeric id", idSlice[2])
+					}
+
+					d.Set("account_id", idSlice[2])
+				}
+
 				log.Printf("[DEBUG] Importing Incapsula Client to Imperva CA Certificate Site Association for Site ID %s, mutual TLS Certificate Id %s,", idSlice[0], idSlice[1])
 				return []*schema.ResourceData{d}, nil
 			},
@@ -53,19 +62,24 @@ func resourceMtlsClientToImpervaCertificateSiteAssociation() *schema.Resource {
 				Type:        schema.TypeString,
 				Required:    true,
 			},
+			"account_id": {
+				Description: "(Optional) The account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
 		},
 	}
 }
 
 func resourceSiteMtlsClientToImpervaCertificateAssociationRead(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
 
-	siteID, certificateID, _, err := validateInput(d)
+	siteID, certificateID, accountID, err := validateInput(d)
 	if err != nil {
 		return err
 	}
 
-	mTLSCertificateData, associationExists, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+	mTLSCertificateData, associationExists, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, accountID)
 	if err != nil {
 		return err
 	}
@@ -87,14 +101,15 @@ func resourceSiteMtlsClientToImpervaCertificateAssociationRead(d *schema.Resourc
 
 func resourceSiteMtlsClientToImpervaCertificateAssociationCreate(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
-	siteID, certificateID, _, err := validateInput(d)
+	siteID, certificateID, accountID, err := validateInput(d)
 	if err != nil {
 		return err
 	}
 
 	err = client.CreateSiteMtlsClientToImpervaCertificateAssociation(
 		certificateID,
 		siteID,
+		accountID,
 	)
 	if err != nil {
 		return err
@@ -105,11 +120,12 @@ func resourceSiteMtlsClientToImpervaCertificateAssociationCreate(d *schema.Resou
 
 func resourceSiteMtlsClientToImpervaCertificateAssociationDelete(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
-	siteID, certificateID, _, err := validateInput(d)
+	siteID, certificateID, accountID, err := validateInput(d)
 
 	err = client.DeleteSiteMtlsClientToImpervaCertificateAssociation(
 		certificateID,
 		siteID,
+		accountID,
 	)
 	if err != nil {
 		//todo - check error

incapsula/resource_mtls_client_to_imperva_certificate_site_association_test.go

@@ -48,7 +48,7 @@ func testACCStateSiteClientToImervaCertificateAssociationDestroy(s *terraform.St
 
 		siteID, certificateID := getResourceDetails(res)
 
-		_, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+		_, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 		if err == nil {
 			return fmt.Errorf("Resource %s with siteID ID %d still exists", siteMtlsCrtificateAssociationResourceName, siteID)
 		}
@@ -88,7 +88,7 @@ func testCheckClientToImervaCertificateAssociationExists() resource.TestCheckFun
 			}
 			siteID, certificateID := getResourceDetails(resource)
 
-			response, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID)
+			response, _, err := client.GetSiteMtlsClientToImpervaCertificateAssociation(siteID, certificateID, "")
 			if err != nil || response == nil {
 				return fmt.Errorf("Incapsula mTLS certificate ID %d is not assigned to Site ID %d", certificateID, siteID)
 			}

incapsula/resource_site_v3.go

@@ -88,7 +88,6 @@ func resourceSiteV3() *schema.Resource {
 func resourceSiteV3Add(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	client := m.(*Client)
 	var diags diag.Diagnostics
-
 	accountID, _ := d.Get("account_id").(string)
 	log.Printf("[INFO] adding v3 site to Account ID: %s to %v", accountID, d)
 	siteV3Request := SiteV3Request{}
@@ -167,7 +166,6 @@ func resourceSiteV3Read(ctx context.Context, d *schema.ResourceData, m interface
 	var diags diag.Diagnostics
 
 	accountID, _ := d.Get("account_id").(string)
-
 	log.Printf("[INFO] getting v3 site of Account ID: %s to %v", accountID, d)
 	siteV3Request := SiteV3Request{}
 	siteV3Request.SiteType = d.Get("type").(string)

website/docs/r/mtls_client_to_imperva_ca_certificate_site_association.html.markdown

@@ -49,6 +49,7 @@ The following arguments are supported:
 
 * `certificate_id` - (Required) The Mutual TLS Client to Imperva CA Certificate ID.
 * `site_id` - (Required) Numeric identifier of the site to operate on.
+* `account_id` - (Optional) The account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters.
 
 ## Attributes Reference