support sub account on incapsula_mtls_imperva_to_origin_certificate_site_association resource (#540)

* add resource_test_utils.go class with method to print the state

* support sub account on incapsula_mtls_imperva_to_origin_certificate_site_association resource

* support sub account on incapsula_mtls_imperva_to_origin_certificate_site_association resource

Author: dotanrazimpv

incapsula/client_mtls_imperva_to_origin_certificate_site_association.go

@@ -8,10 +8,12 @@ import (
 	"net/http"
 )
 
-func (c *Client) GetSiteMtlsCertificateAssociation(certificateID, siteID int) (bool, error) {
+func (c *Client) GetSiteMtlsCertificateAssociation(certificateID, siteID int, accountId string) (bool, error) {
 	log.Printf("[INFO] Getting Site to mutual TLS Imperva to Origin Certificate association for Site ID %d", siteID)
 	reqURL := fmt.Sprintf("%s%s/%d/associated-sites/%d", c.config.BaseURLAPI, endpointMTLSCertificate, certificateID, siteID)
-
+	if accountId != "" {
+		reqURL = fmt.Sprintf("%s?caid=%s", reqURL, accountId)
+	}
 	resp, err := c.DoJsonRequestWithHeaders(http.MethodGet, reqURL, nil, "ReadSiteMtlsImpervaToOriginCertifiateAssociation")
 	if err != nil {
 		return false, fmt.Errorf("[ERROR] Error getting Site to mutual TLS Imperva to Origin Certificate association for Site ID %d: %s", siteID, err)
@@ -31,10 +33,12 @@ func (c *Client) GetSiteMtlsCertificateAssociation(certificateID, siteID int) (b
 	}
 }
 
-func (c *Client) CreateSiteMtlsCertificateAssociation(certificateID, siteID int) error {
+func (c *Client) CreateSiteMtlsCertificateAssociation(certificateID, siteID int, accountId string) error {
 	log.Printf("[INFO] Updating Site to mutual TLS Imperva to Origin Certificate association for certificate ID %d, Site ID %d", certificateID, siteID)
 	reqURL := fmt.Sprintf("%s%s/%d/associated-sites/%d", c.config.BaseURLAPI, endpointMTLSCertificate, certificateID, siteID)
-
+	if accountId != "" {
+		reqURL = fmt.Sprintf("%s?caid=%s", reqURL, accountId)
+	}
 	resp, err := c.DoJsonRequestWithHeaders(http.MethodPut, reqURL, nil, CreateSiteMtlsImpervaToOriginCertifiateAssociation)
 	if err != nil {
 		return fmt.Errorf("[ERROR] Error creating Incapsula Site to Imperva to Origin mutual TLS Certificate Association for certificate ID %d, Site ID %d\n%s", certificateID, siteID, err)
@@ -51,10 +55,12 @@ func (c *Client) CreateSiteMtlsCertificateAssociation(certificateID, siteID int)
 	return nil
 }
 
-func (c *Client) DeleteSiteMtlsCertificateAssociation(certificateID, siteID int) error {
+func (c *Client) DeleteSiteMtlsCertificateAssociation(certificateID, siteID int, accountId string) error {
 	log.Printf("[INFO] Unassigning Site to mutual TLS Imperva to Origin Certificate association for certificate ID %d, Site ID %d", certificateID, siteID)
 	reqURL := fmt.Sprintf("%s%s/%d/associated-sites/%d", c.config.BaseURLAPI, endpointMTLSCertificate, certificateID, siteID)
-
+	if accountId != "" {
+		reqURL = fmt.Sprintf("%s?caid=%s", reqURL, accountId)
+	}
 	resp, err := c.DoJsonRequestWithHeaders(http.MethodDelete, reqURL, nil, DeleteSiteMtlsImpervaToOriginCertifiateAssociation)
 	if err != nil {
 		return fmt.Errorf("[ERROR] Error deleting Incapsula Site to Imperva to Origin mutual TLS Certificate Association for certificate ID %d for Site ID %d\n%s", certificateID, siteID, err)

incapsula/client_mtls_imperva_to_origin_certificate_site_association_test.go

@@ -19,7 +19,7 @@ func TestClientGetSiteMtlsCertificateAssociationBadConnection(t *testing.T) {
 	siteID := 42
 	certId := 100
 
-	_, err := client.GetSiteMtlsCertificateAssociation(certId, siteID)
+	_, err := client.GetSiteMtlsCertificateAssociation(certId, siteID, "")
 	if err == nil {
 		t.Errorf("Should have received an error")
 	}
@@ -49,7 +49,7 @@ func TestClientGetSiteMtlsCertificateAssociationBadJSON(t *testing.T) {
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	certificateExists, err := client.GetSiteMtlsCertificateAssociation(certifiateID, siteID)
+	certificateExists, err := client.GetSiteMtlsCertificateAssociation(certifiateID, siteID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")
@@ -95,7 +95,7 @@ func TestClientGetSiteMtlsCertificateAssociationInvalidConfig(t *testing.T) {
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	certificateExists, err := client.GetSiteMtlsCertificateAssociation(certifiateID, siteID)
+	certificateExists, err := client.GetSiteMtlsCertificateAssociation(certifiateID, siteID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")
@@ -129,7 +129,7 @@ func TestClientGetSiteMtlsCertificateAssociationValidConfig(t *testing.T) {
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	certificateExists, err := client.GetSiteMtlsCertificateAssociation(certifiateID, siteID)
+	certificateExists, err := client.GetSiteMtlsCertificateAssociation(certifiateID, siteID, "")
 
 	if err != nil {
 		t.Errorf("Should not have received an error")
@@ -149,7 +149,7 @@ func TestClientCreateSiteMtlsCertificateAssociationBadConnection(t *testing.T) {
 	siteID := 42
 	certificateID := 100
 
-	err := client.CreateSiteMtlsCertificateAssociation(certificateID, siteID)
+	err := client.CreateSiteMtlsCertificateAssociation(certificateID, siteID, "")
 	if err == nil {
 		t.Errorf("Should have received an error")
 	}
@@ -191,7 +191,7 @@ func TestClientUpdateSiteMtlsCertificateAssociationInvalidConfig(t *testing.T) {
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	err := client.CreateSiteMtlsCertificateAssociation(certificateID, siteID)
+	err := client.CreateSiteMtlsCertificateAssociation(certificateID, siteID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")
@@ -211,7 +211,7 @@ func TestClientDeleteSiteMtlsCertificateAssociationBadConnection(t *testing.T) {
 	siteID := 42
 	certificateID := 100
 
-	err := client.DeleteSiteMtlsCertificateAssociation(certificateID, siteID)
+	err := client.DeleteSiteMtlsCertificateAssociation(certificateID, siteID, "")
 	if err == nil {
 		t.Errorf("Should have received an error")
 	}
@@ -254,7 +254,7 @@ func TestClientDeleteSiteMtlsCertificateAssociationInvalidConfig(t *testing.T) {
 	config := &Config{APIID: apiID, APIKey: apiKey, BaseURL: server.URL, BaseURLRev2: server.URL, BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	err := client.CreateSiteMtlsCertificateAssociation(certificateID, siteID)
+	err := client.CreateSiteMtlsCertificateAssociation(certificateID, siteID, "")
 
 	if err == nil {
 		t.Errorf("Should have received an error")

incapsula/mtls_utils.go

@@ -8,19 +8,23 @@ import (
 
 const ignoreSensitiveVariableString = "Exported Certificate - data placeholder"
 
-func validateInput(d *schema.ResourceData) (int, int, error) {
+func validateInput(d *schema.ResourceData) (int, int, string, error) {
 	siteIDStr := d.Get("site_id").(string)
 	certificateIDStr := d.Get("certificate_id").(string)
+	accountId := ""
+	if d.Get("account_id") != nil {
+		accountId = d.Get("account_id").(string)
+	}
 
 	siteID, err := strconv.Atoi(siteIDStr)
 	if err != nil {
-		return 0, 0, fmt.Errorf("failed to convert Site Id, actual value: %s, expected numeric id", siteIDStr)
+		return 0, 0, accountId, fmt.Errorf("failed to convert Site Id, actual value: %s, expected numeric id", siteIDStr)
 	}
 
 	certificateID, err := strconv.Atoi(certificateIDStr)
 	if err != nil {
-		return 0, 0, fmt.Errorf("failed to convert certificate Id, actual value: %s, expected numeric id", certificateIDStr)
+		return 0, 0, accountId, fmt.Errorf("failed to convert certificate Id, actual value: %s, expected numeric id", certificateIDStr)
 	}
 
-	return siteID, certificateID, nil
+	return siteID, certificateID, accountId, nil
 }

incapsula/resource_certificate_test.go

@@ -39,6 +39,7 @@ func TestAccIncapsulaCustomCertificate_Basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testCheckIncapsulaCertificateExists(certificateResourceName),
 					resource.TestCheckResourceAttr(certificateResource, "input_hash", calculatedHashBase64),
+					printState(),
 				),
 			},
 		},

incapsula/resource_mtls_client_to_imperva_certificate_site_association.go

@@ -60,7 +60,7 @@ func resourceMtlsClientToImpervaCertificateSiteAssociation() *schema.Resource {
 func resourceSiteMtlsClientToImpervaCertificateAssociationRead(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
 
-	siteID, certificateID, err := validateInput(d)
+	siteID, certificateID, _, err := validateInput(d)
 	if err != nil {
 		return err
 	}
@@ -87,7 +87,7 @@ func resourceSiteMtlsClientToImpervaCertificateAssociationRead(d *schema.Resourc
 
 func resourceSiteMtlsClientToImpervaCertificateAssociationCreate(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
-	siteID, certificateID, err := validateInput(d)
+	siteID, certificateID, _, err := validateInput(d)
 	if err != nil {
 		return err
 	}
@@ -105,7 +105,7 @@ func resourceSiteMtlsClientToImpervaCertificateAssociationCreate(d *schema.Resou
 
 func resourceSiteMtlsClientToImpervaCertificateAssociationDelete(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
-	siteID, certificateID, err := validateInput(d)
+	siteID, certificateID, _, err := validateInput(d)
 
 	err = client.DeleteSiteMtlsClientToImpervaCertificateAssociation(
 		certificateID,

incapsula/resource_mtls_client_to_imperva_certificate_test.go

@@ -28,6 +28,7 @@ func TestAccIncapsulaMtlsClientToImervaCertificate_Basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testCheckMtlsClientToImervaCertificateExists(),
 					resource.TestCheckResourceAttr(mtlsClientToImervaCertificateResource, "certificate_name", "acceptance test CA certificate"),
+					printState(),
 				),
 			},
 		},

incapsula/resource_mtls_imperva_to_origin_certificate_site_association.go

@@ -42,19 +42,24 @@ func resourceMtlsImpervaToOriginCertificateSiteAssociation() *schema.Resource {
 				Type:        schema.TypeString,
 				Required:    true,
 			},
+			"account_id": {
+				Description: "(Optional) The account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
 		},
 	}
 }
 
 func resourceSiteMtlsCertificateAssociationRead(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
 
-	siteID, certificateID, err := validateInput(d)
+	siteID, certificateID, accountId, err := validateInput(d)
 	if err != nil {
 		return err
 	}
 
-	associationExists, err := client.GetSiteMtlsCertificateAssociation(certificateID, siteID)
+	associationExists, err := client.GetSiteMtlsCertificateAssociation(certificateID, siteID, accountId)
 	if err != nil {
 		return err
 	}
@@ -72,14 +77,15 @@ func resourceSiteMtlsCertificateAssociationRead(d *schema.ResourceData, m interf
 
 func resourceSiteMtlsCertificateAssociationCreate(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
-	siteID, certificateID, err := validateInput(d)
+	siteID, certificateID, accountId, err := validateInput(d)
 	if err != nil {
 		return err
 	}
 
 	err = client.CreateSiteMtlsCertificateAssociation(
 		certificateID,
 		siteID,
+		accountId,
 	)
 	if err != nil {
 		return err
@@ -89,11 +95,12 @@ func resourceSiteMtlsCertificateAssociationCreate(d *schema.ResourceData, m inte
 
 func resourceSiteMtlsCertificateAssociationDelete(d *schema.ResourceData, m interface{}) error {
 	client := m.(*Client)
-	siteID, certificateID, err := validateInput(d)
+	siteID, certificateID, accountId, err := validateInput(d)
 
 	err = client.DeleteSiteMtlsCertificateAssociation(
 		certificateID,
 		siteID,
+		accountId,
 	)
 	if err != nil {
 		return err

incapsula/resource_mtls_imperva_to_origin_certificate_site_association_test.go

@@ -26,6 +26,7 @@ func TestAccIncapsulaSiteMtlsCertificateAssociation_Basic(t *testing.T) {
 				Config: testAccCheckSiteMtlsCertificateAssociationBasic(t),
 				Check: resource.ComposeTestCheckFunc(
 					testCheckSiteMtlsCertificateAssociationExists(),
+					printState(),
 				),
 			},
 		},

incapsula/resource_test_utils.go

@@ -0,0 +1,26 @@
+package incapsula
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+// extracts the primary attributes of a resource from the state.
+func extractAttributes(s *terraform.State) map[string]map[string]string {
+	attributes := make(map[string]map[string]string)
+	for name, rs := range s.RootModule().Resources {
+		attributes[name] = rs.Primary.Attributes
+	}
+	return attributes
+}
+
+func printState() resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		attrs := extractAttributes(s)
+		for resourceName, values := range attrs {
+			fmt.Printf("[INFO] Resource: %s\nAttributes: %+v\n", resourceName, values)
+		}
+		return nil
+	}
+}

website/docs/r/mtls_imperva_to_origin_certificate_site_association.html.markdown

@@ -26,6 +26,7 @@ The following arguments are supported:
 
 * `site_id` - (Required) Site id to assign to a given mTLS client certificate.
 * `certificate_id` - (Required) The mTLS certificate id you want to assign to your site.
+* `account_id` - (Optional) The account to operate on. If not specified, operation will be performed on the account identified by the authentication parameters.
 
 ## Attributes Reference