fix custom certificate resource: remove force_new from certificate, private_key and passphrase attributes + add base64 method usage to the example

Author: BrachaY

incapsula/client_certificate.go

@@ -1,13 +1,11 @@
 package incapsula
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net/url"
-	"strings"
 )
 
 // Endpoints (unexported consts)
@@ -35,12 +33,6 @@ type CertificateEditResponse struct {
 
 // AddCertificate adds a custom SSL certificate to a site in Incapsula
 func (c *Client) AddCertificate(siteID, certificate, privateKey, passphrase string) (*CertificateAddResponse, error) {
-	certificate = strings.TrimSpace(certificate)
-	_, err := base64.StdEncoding.DecodeString(certificate)
-	if err != nil {
-		// This is not a valid base64 encoded string
-		certificate = base64.StdEncoding.EncodeToString([]byte(certificate))
-	}
 
 	log.Printf("[INFO] Adding custom certificate for site_id: %s", siteID)
 
@@ -50,8 +42,7 @@ func (c *Client) AddCertificate(siteID, certificate, privateKey, passphrase stri
 	}
 
 	if privateKey != "" {
-		b64PrivateKey := base64.StdEncoding.EncodeToString([]byte(strings.TrimSpace(privateKey)))
-		values.Set("private_key", b64PrivateKey)
+		values.Set("private_key", privateKey)
 	}
 	if passphrase != "" {
 		values.Set("passphrase", passphrase)
@@ -122,18 +113,17 @@ func (c *Client) ListCertificates(siteID string) (*CertificateListResponse, erro
 
 // EditCertificate updates the custom certifiacte on an Incapsula site
 func (c *Client) EditCertificate(siteID, certificate, privateKey, passphrase string) (*CertificateEditResponse, error) {
-	b64Certificate := base64.StdEncoding.EncodeToString([]byte(strings.TrimSpace(certificate)))
 
 	log.Printf("[INFO] Editing custom certificate for Incapsula site_id: %s\n", siteID)
 
 	values := url.Values{
 		"site_id":     {siteID},
-		"certificate": {b64Certificate},
+		"certificate": {certificate},
 	}
 
 	if privateKey != "" {
-		b64PrivateKey := base64.StdEncoding.EncodeToString([]byte(strings.TrimSpace(privateKey)))
-		values.Set("private_key", b64PrivateKey)
+		values.Set("private_key", privateKey)
+
 	}
 	if passphrase != "" {
 		values.Set("passphrase", passphrase)

incapsula/resource_certificate.go

@@ -10,7 +10,7 @@ func resourceCertificate() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceCertificateCreate,
 		Read:   resourceCertificateRead,
-		Update: nil,
+		Update: resourceCertificateUpdate,
 		Delete: resourceCertificateDelete,
 		Importer: &schema.ResourceImporter{
 			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
@@ -31,21 +31,18 @@ func resourceCertificate() *schema.Resource {
 				Description: "The certificate file in base64 format.",
 				Type:        schema.TypeString,
 				Required:    true,
-				ForceNew:    true,
 			},
 			// Optional Arguments
 			"private_key": {
 				Description: "The private key of the certificate in base64 format. Optional in case of PFX certificate file format. This will be encoded in sha256 in terraform state.",
 				Type:        schema.TypeString,
 				Optional:    true,
-				ForceNew:    true,
 				Sensitive:   true,
 			},
 			"passphrase": {
 				Description: "The passphrase used to protect your SSL certificate. This will be encoded in sha256 in terraform state.",
 				Type:        schema.TypeString,
 				Optional:    true,
-				ForceNew:    true,
 				Sensitive:   true,
 			},
 		},

website/docs/r/custom_certificate.html.markdown

@@ -16,8 +16,8 @@ Custom certificates must be one of the following formats: PFX, PEM, or CER.
 ```hcl
 resource "incapsula_custom_certificate" "custom-certificate" {
     site_id = incapsula_site.example-site.id
-    certificate = "${file("path/to/your/cert.crt")}"
-    private_key = "${file("path/to/your/private_key.key")}"
+    certificate = filebase64("${"path/to/your/cert.crt"}")
+    private_key = filebase64("${"path/to/your/private_key.key"}")
     passphrase = "yourpassphrase"
 }
 ```