Create a certificate signing request (#389)

* Create a certificate signing request

* Incapsula CSR resource documentation

* Incapsula CSR resource documentation

Author: infame-io

incapsula/client_certificate_signing_request.go

@@ -0,0 +1,87 @@
+package incapsula
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/url"
+)
+
+// Endpoints
+const endpointCertificateSigningRequestCreate = "sites/customCertificate/csr"
+
+// CertificateSigningRequestCreateResponse contains confirmation of successful csr
+type CertificateSigningRequestCreateResponse struct {
+	Res        int    `json:"res,string"`
+	ResMessage string `json:"res_message"`
+	Status     string `json:"status"`
+	CsrContent string `json:"csr_content"`
+}
+
+// CreateCertificateSigningRequest creates a Certificate Signing Request (CSR)
+func (c *Client) CreateCertificateSigningRequest(siteID, domain, email, country, state, city, organization, organizationUnit string) (*CertificateSigningRequestCreateResponse, error) {
+
+	log.Printf("[INFO] Creating certificate signing request for site_id: %s", siteID)
+
+	values := url.Values{
+		"site_id":           {siteID},
+		"domain":            {domain},
+		"email":             {email},
+		"country":           {country},
+		"state":             {state},
+		"city":              {city},
+		"organization":      {organization},
+		"organization_unit": {organizationUnit},
+	}
+
+	if domain != "" {
+		values.Set("domain", domain)
+	}
+	if email != "" {
+		values.Set("email", email)
+	}
+	if country != "" {
+		values.Set("country", country)
+	}
+	if state != "" {
+		values.Set("state", state)
+	}
+	if city != "" {
+		values.Set("city", city)
+	}
+	if organization != "" {
+		values.Set("organization", organization)
+	}
+	if organizationUnit != "" {
+		values.Set("organization_unit", organizationUnit)
+	}
+	log.Printf("CertificateSigningRequest\n%v", values)
+	// Post to Incapsula
+	reqURL := fmt.Sprintf("%s/%s", c.config.BaseURL, endpointCertificateSigningRequestCreate)
+	resp, err := c.PostFormWithHeaders(reqURL, values, CreateCertificateSigningRequest)
+	if err != nil {
+		return nil, fmt.Errorf("Error from Incapsula service when creating certificate signing request for site_id %s: %s", siteID, err)
+	}
+
+	// Read the body
+	defer resp.Body.Close()
+	responseBody, err := ioutil.ReadAll(resp.Body)
+
+	// Dump JSON
+	log.Printf("[DEBUG] Incapsula create certificate signing request JSON response: %s\n", string(responseBody))
+
+	// Parse the JSON
+	var certificateSigningRequestCreateResponse CertificateSigningRequestCreateResponse
+	err = json.Unmarshal([]byte(responseBody), &certificateSigningRequestCreateResponse)
+	if err != nil {
+		return nil, fmt.Errorf("Error parsing create certificate signing request JSON response for site_id %s: %s\nresponse: %s", siteID, err, string(responseBody))
+	}
+
+	// Look at the response status code from Incapsula
+	if certificateSigningRequestCreateResponse.Res != 0 {
+		return nil, fmt.Errorf("Error from Incapsula service when creating certificate signing request for site_id %s: %s", siteID, string(responseBody))
+	}
+
+	return &certificateSigningRequestCreateResponse, nil
+}

incapsula/client_certificate_signing_request_test.go

@@ -0,0 +1,73 @@
+package incapsula
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+)
+
+////////////////////////////////////////////////////////////////
+// CreateCertificateSigningRequest Tests
+////////////////////////////////////////////////////////////////
+
+func TestClientCreateCertificateSigningRequestBadConnection(t *testing.T) {
+	log.Printf("======================== BEGIN TEST ========================")
+	log.Printf("[DEBUG] Running test client_certificate_signing_request_test.TestClientCreateCertificateSigningRequestBadConnection")
+	config := &Config{APIID: "foo", APIKey: "bar", BaseURL: "badness.incapsula.com"}
+	client := &Client{config: config, httpClient: &http.Client{Timeout: time.Millisecond * 1}}
+	siteID := "1234"
+	domain := "sandwich.au"
+	email := "test@sandwich.au"
+	country := "AU"
+	state := "QLD"
+	city := "BNE"
+	organization := "Tacos Pty Ltd"
+	organizationUnit := "Sales"
+	certificateSigningRequestCreateResponse, err := client.CreateCertificateSigningRequest(siteID, domain, email, country, state, city, organization, organizationUnit)
+	if err == nil {
+		t.Errorf("Should have received an error")
+	}
+	if !strings.HasPrefix(err.Error(), fmt.Sprintf("Error from Incapsula service when creating certificate signing request for site_id %s", siteID)) {
+		t.Errorf("Should have received a client error, got: %s", err)
+	}
+	if certificateSigningRequestCreateResponse != nil {
+		t.Errorf("Should have received a nil certificateSigningRequestCreateResponse instance")
+	}
+}
+
+func TestClientCreateCertificateSigningRequestBadJSON(t *testing.T) {
+	log.Printf("======================== BEGIN TEST ========================")
+	log.Printf("[DEBUG] Running test Running test client_certificate_signing_request_test.TestClientCreateCertificateSigningRequestBadJSON")
+	server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if req.URL.String() != fmt.Sprintf("/%s", endpointCertificateSigningRequestCreate) {
+			t.Errorf("Should have have hit /%s endpoint. Got: %s", endpointCertificateSigningRequestCreate, req.URL.String())
+		}
+		rw.Write([]byte(`{`))
+	}))
+	defer server.Close()
+
+	config := &Config{APIID: "foo", APIKey: "bar", BaseURL: server.URL}
+	client := &Client{config: config, httpClient: &http.Client{}}
+	siteID := "1234"
+	domain := "sandwich.au"
+	email := "test@sandwich.au"
+	country := "AU"
+	state := "QLD"
+	city := "BNE"
+	organization := "Tacos Pty Ltd"
+	organizationUnit := "Sales"
+	certificateSigningRequestCreateResponse, err := client.CreateCertificateSigningRequest(siteID, domain, email, country, state, city, organization, organizationUnit)
+	if err == nil {
+		t.Errorf("Should have received an error")
+	}
+	if !strings.HasPrefix(err.Error(), fmt.Sprintf("Error parsing create certificate signing request JSON response for site_id %s", siteID)) {
+		t.Errorf("Should have received a JSON parse error, got: %s", err)
+	}
+	if certificateSigningRequestCreateResponse != nil {
+		t.Errorf("Should have received a nil certificateSigningRequestCreateResponse instance")
+	}
+}

incapsula/operation_constants.go

@@ -74,6 +74,8 @@ const ReadSecurityRuleException = "read_security_rule_exception"
 const UpdateSecurityRuleException = "update_security_rule_exception"
 const DeleteSecurityRuleException = "delete_security_rule_exception"
 
+const CreateCertificateSigningRequest = "create_certificate_signing_request"
+
 const CreateCustomCertificate = "create_custom_certificate"
 const ReadCustomCertificate = "read_custom_certificate"
 const UpdateCustomCertificate = "update_custom_certificate"

incapsula/provider.go

@@ -101,6 +101,7 @@ func Provider() *schema.Provider {
 
 		ResourcesMap: map[string]*schema.Resource{
 			"incapsula_cache_rule":                                             resourceCacheRule(),
+			"incapsula_certificate_signing_request":                            resourceCertificateSigningRequest(),
 			"incapsula_custom_certificate":                                     resourceCertificate(),
 			"incapsula_custom_hsm_certificate":                                 resourceCustomCertificateHsm(),
 			"incapsula_data_center":                                            resourceDataCenter(),

incapsula/resource_certificate_signing_request.go

@@ -0,0 +1,111 @@
+package incapsula
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceCertificateSigningRequest() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceCertificateSigningRequestCreate,
+		Read:   resourceCertificateSigningRequestRead,
+		Update: resourceCertificateSigningRequestUpdate,
+		Delete: resourceCertificateSigningRequestDelete,
+
+		Schema: map[string]*schema.Schema{
+			// Required Arguments
+			"site_id": {
+				Description: "Numeric identifier of the site to operate on.",
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+			},
+			// Optional Arguments
+			"domain": {
+				Description: "common name. For example: example.com.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"email": {
+				Description: "Email address. For example: joe@example.com.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"country": {
+				Description: "The two-letter ISO code for the country where your organization is located.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"state": {
+				Description: "The state/region where your organization is located. This should not be abbreviated.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"city": {
+				Description: "The city where your organization is located.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"organization": {
+				Description: "The legal name of your organization. This should not be abbreviated or include suffixes such as Inc., Corp., or LLC.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			"organization_unit": {
+				Description: "The division of your organization handling the certificate. For example, IT Department.",
+				Type:        schema.TypeString,
+				Optional:    true,
+			},
+			// Computed Arguments
+			"csr_content": {
+				Description: "The certificate request data.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+		},
+	}
+}
+
+func resourceCertificateSigningRequestCreate(d *schema.ResourceData, m interface{}) error {
+	client := m.(*Client)
+	certificateSigningRequestResponse, err := client.CreateCertificateSigningRequest(
+		d.Get("site_id").(string),
+		d.Get("domain").(string),
+		d.Get("email").(string),
+		d.Get("country").(string),
+		d.Get("state").(string),
+		d.Get("city").(string),
+		d.Get("organization").(string),
+		d.Get("organization_unit").(string),
+	)
+
+	if err != nil {
+		return err
+	}
+
+	d.Set("csr_content", certificateSigningRequestResponse.CsrContent)
+
+	d.SetId(d.Get("site_id").(string))
+
+	return nil
+}
+
+func resourceCertificateSigningRequestRead(d *schema.ResourceData, m interface{}) error {
+	return nil
+}
+
+func resourceCertificateSigningRequestUpdate(d *schema.ResourceData, m interface{}) error {
+	if d.HasChange("domain") ||
+		d.HasChange("email") ||
+		d.HasChange("country") ||
+		d.HasChange("state") ||
+		d.HasChange("city") ||
+		d.HasChange("organization") ||
+		d.HasChange("organization_unit") {
+		return resourceCertificateSigningRequestCreate(d, m)
+	}
+	return nil
+}
+
+func resourceCertificateSigningRequestDelete(d *schema.ResourceData, m interface{}) error {
+	return nil
+}

website/docs/r/certificate_signing_request.html.markdown

@@ -0,0 +1,46 @@
+---
+subcategory: "Provider Reference"
+layout: "incapsula"
+page_title: "incapsula_certificate_signing_request"
+description: |-
+  Provides a Incapsula Certificate Signing Request resource.
+---
+
+# incapsula_certificate_signing_request
+
+Provides a Incapsula Certificate Signing Request resource. 
+
+## Example Usage
+
+```hcl
+resource "incapsula_certificate_signing_request" "certificate-signing-request" {
+    site_id           = incapsula_site.example-site.id
+    domain            = "sandwich.au"
+    email             = "test@sandwich.au"
+    country           = "AU"
+    state             = "QLD"
+    city              = "BNE"
+    organization      = "Tacos Pty Ltd"
+    organization_unit = "Kitchen"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `site_id` - (Required) Numeric identifier of the site to operate on.
+* `domain` - (Optional) The common name. For example: `example.com`
+* `email` - (Optional) The Email address. For example: `joe@example.com`
+* `country` - (Optional) The two-letter ISO code for the country where your organization is located.
+* `state` - (Optional) The state/region where your organization is located. This should not be abbreviated.
+* `city` - (Optional) The city where your organization is located.
+* `organization` - (Optional) The legal name of your organization. This should not be abbreviated or include suffixes such as Inc., Corp., or LLC.
+* `organization_unit` - (Optional) The division of your organization handling the certificate. For example, IT Department.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - (String) At the moment, only one active certificate can be stored. This exported value is always set to `site_id`.
+* `csr_content` - (String) The certificate request data.