Added ocsp attributes for ssl_key_cert and ssl_certificate rresources

bigip/resource_bigip_ssl_certificate.go

@@ -39,14 +39,28 @@ func resourceBigipSslCertificate() *schema.Resource {
 				//ForceNew:    true,
 				Description: "Content of certificate on Disk",
 			},
-
 			"partition": {
 				Type:         schema.TypeString,
 				Optional:     true,
 				Default:      "Common",
 				Description:  "Partition of ssl certificate",
 				ValidateFunc: validatePartitionName,
 			},
+			"monitoring_type": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Specifies the type of monitoring used",
+			},
+			"issuer_cert": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Specifies the issuer certificate",
+			},
+			"ocsp": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Specifies the OCSP responder",
+			},
 			"full_path": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -64,7 +78,19 @@ func resourceBigipSslCertificateCreate(ctx context.Context, d *schema.ResourceDa
 
 	certPath := d.Get("content").(string)
 	partition := d.Get("partition").(string)
-	err := client.UploadCertificate(name, certPath, partition)
+	cert := &bigip.Certificate{
+		Name:      name,
+		Partition: partition,
+	}
+
+	if val, ok := d.GetOk("monitoring_type"); ok {
+		cert.CertValidationOptions = []string{val.(string)}
+	}
+	if val, ok := d.GetOk("issuer_cert"); ok {
+		cert.IssuerCert = val.(string)
+	}
+
+	err := client.UploadCertificate(certPath, cert)
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("error in Importing certificate (%s): %s", name, err))
 	}
@@ -88,6 +114,17 @@ func resourceBigipSslCertificateCreate(ctx context.Context, d *schema.ResourceDa
 			log.Printf("[ERROR]Sending Telemetry data failed:%v", err)
 		}
 	}
+
+	if val, ok := d.GetOk("ocsp"); ok {
+		certValidState := &bigip.CertValidatorState{Name: val.(string)}
+		certValidRef := &bigip.CertValidatorReference{}
+		certValidRef.Items = append(certValidRef.Items, *certValidState)
+		cert.CertValidatorRef = certValidRef
+		err = client.UpdateCertificate(certPath, cert)
+		if err != nil {
+			log.Printf("[ERROR]Unable to add ocsp to the certificate:%v", err)
+		}
+	}
 	return resourceBigipSslCertificateRead(ctx, d, meta)
 }
 
@@ -119,6 +156,11 @@ func resourceBigipSslCertificateRead(ctx context.Context, d *schema.ResourceData
 	_ = d.Set("name", certificate.Name)
 	_ = d.Set("partition", certificate.Partition)
 	_ = d.Set("full_path", certificate.FullPath)
+	_ = d.Set("issuer_cert", certificate.IssuerCert)
+	if certificate.CertValidationOptions != nil && len(certificate.CertValidationOptions) > 0 {
+		monitor_type := certificate.CertValidationOptions[0]
+		_ = d.Set("monitoring_type", monitor_type)
+	}
 
 	return nil
 }
@@ -129,10 +171,26 @@ func resourceBigipSslCertificateUpdate(ctx context.Context, d *schema.ResourceDa
 	log.Println("[INFO] Certificate Name " + name)
 	certpath := d.Get("content").(string)
 	partition := d.Get("partition").(string)
-	/*if !strings.HasSuffix(name, ".crt") {
-		name = name + ".crt"
-	}*/
-	err := client.UpdateCertificate(name, certpath, partition)
+
+	cert := &bigip.Certificate{
+		Name:      name,
+		Partition: partition,
+	}
+
+	if val, ok := d.GetOk("monitoring_type"); ok {
+		cert.CertValidationOptions = []string{val.(string)}
+	}
+	if val, ok := d.GetOk("issuer_cert"); ok {
+		cert.IssuerCert = val.(string)
+	}
+	if val, ok := d.GetOk("ocsp"); ok {
+		certValidState := &bigip.CertValidatorState{Name: val.(string)}
+		certValidRef := &bigip.CertValidatorReference{}
+		certValidRef.Items = append(certValidRef.Items, *certValidState)
+		cert.CertValidatorRef = certValidRef
+	}
+
+	err := client.UpdateCertificate(certpath, cert)
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("error in Importing certificate (%s): %s", name, err))
 	}

bigip/resource_bigip_ssl_certificate_test.go

@@ -28,6 +28,17 @@ resource "bigip_ssl_certificate" "test-cert" {
 }
 `
 
+var TestSslCertOCSPResource = `
+resource "bigip_ssl_certificate" "ssl-test-certificate-tc1" {
+  name            = "test-certificate"
+  content         = "${file("` + folder + `/../examples/mycertocspv2.crt")}"
+  partition       = "Common"
+  monitoring_type = "ocsp"
+  issuer_cert     = "/Common/MyCA"
+  ocsp            = "/Common/testocsp1"
+}
+`
+
 func TestAccBigipSslCertificateImportToBigip(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
@@ -88,6 +99,29 @@ func TestAccBigipSslCertificateTCs(t *testing.T) {
 	})
 }
 
+func TestAccBigipSslCertificateOCSP(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAcctPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testChecksslcertificateDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config: TestSslCertOCSPResource,
+				Check: resource.ComposeTestCheckFunc(
+					testChecksslcertificateExists("test-certificate", true),
+					resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "name", "test-certificate"),
+					resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "partition", "Common"),
+					resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "monitoring_type", "ocsp"),
+					resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "issuer_cert", "/Common/MyCA"),
+					resource.TestCheckResourceAttr("bigip_ssl_certificate.ssl-test-certificate-tc1", "ocsp", "/Common/testocsp1"),
+				),
+			},
+		},
+	})
+}
+
 func testChecksslcertificateExists(name string, exists bool) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		client := testAccProvider.Meta().(*bigip.BigIP)

bigip/resource_bigip_ssl_key_cert.go

@@ -58,6 +58,21 @@ func resourceBigipSSLKeyCert() *schema.Resource {
 				Computed:    true,
 				Description: "Full Path Name of ssl certificate",
 			},
+			"cert_monitoring_type": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Specifies the type of monitoring used.",
+			},
+			"issuer_cert": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Specifies the issuer certificate",
+			},
+			"cert_ocsp": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Specifies the OCSP responder",
+			},
 			"passphrase": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -105,7 +120,19 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData,
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("error while adding the ssl key: %v", err))
 	}
-	err = client.UploadCertificate(certName, certPath, partition)
+
+	cert := &bigip.Certificate{
+		Name:      certName,
+		Partition: partition,
+	}
+	if val, ok := d.GetOk("cert_monitoring_type"); ok {
+		cert.CertValidationOptions = []string{val.(string)}
+	}
+	if val, ok := d.GetOk("issuer_cert"); ok {
+		cert.IssuerCert = val.(string)
+	}
+
+	err = client.UploadCertificate(certPath, cert)
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("error while uploading the ssl cert: %v", err))
 	}
@@ -114,6 +141,17 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData,
 		return diag.FromErr(fmt.Errorf("error while ending transaction: %d", err))
 	}
 
+	if val, ok := d.GetOk("cert_ocsp"); ok {
+		certValidState := &bigip.CertValidatorState{Name: val.(string)}
+		certValidRef := &bigip.CertValidatorReference{}
+		certValidRef.Items = append(certValidRef.Items, *certValidState)
+		cert.CertValidatorRef = certValidRef
+		err = client.UpdateCertificate(certPath, cert)
+		if err != nil {
+			log.Printf("[ERROR]Unable to add ocsp to the certificate:%v", err)
+		}
+	}
+
 	id := keyName + "_" + certName
 	d.SetId(id)
 	return resourceBigipSSLKeyCertRead(ctx, d, meta)
@@ -147,6 +185,11 @@ func resourceBigipSSLKeyCertRead(ctx context.Context, d *schema.ResourceData, me
 	d.Set("cert_name", certificate.Name)
 	d.Set("cert_full_path", certificate.FullPath)
 	d.Set("partition", key.Partition)
+	d.Set("issuer_cert", certificate.IssuerCert)
+	if certificate.CertValidationOptions != nil && len(certificate.CertValidationOptions) > 0 {
+		monitor_type := certificate.CertValidationOptions[0]
+		_ = d.Set("cert_monitoring_type", monitor_type)
+	}
 
 	return nil
 }
@@ -184,7 +227,24 @@ func resourceBigipSSLKeyCertUpdate(ctx context.Context, d *schema.ResourceData,
 		return diag.FromErr(fmt.Errorf("error while trying to modify the ssl key (%s): %s", keyFullPath, err))
 	}
 
-	err = client.UpdateCertificate(certName, certPath, partition)
+	cert := &bigip.Certificate{
+		Name:      certName,
+		Partition: partition,
+	}
+	if val, ok := d.GetOk("cert_monitoring_type"); ok {
+		cert.CertValidationOptions = []string{val.(string)}
+	}
+	if val, ok := d.GetOk("issuer_cert"); ok {
+		cert.IssuerCert = val.(string)
+	}
+	if val, ok := d.GetOk("cert_ocsp"); ok {
+		certValidState := &bigip.CertValidatorState{Name: val.(string)}
+		certValidRef := &bigip.CertValidatorReference{}
+		certValidRef.Items = append(certValidRef.Items, *certValidState)
+		cert.CertValidatorRef = certValidRef
+	}
+
+	err = client.UpdateCertificate(certPath, cert)
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("error while updating the ssl certificate (%s): %s", certName, err))
 	}

bigip/resource_bigip_ssl_key_cert_test.go

@@ -42,6 +42,19 @@ resource "bigip_ltm_profile_server_ssl" "test-ServerSsl" {
 }
 `
 
+var sslProfileCertKeyOCSP = `
+resource "bigip_ssl_key_cert" "testkeycert" {
+  partition            = "Common"
+  key_name             = "ssl-test-key"
+  key_content          = "${file("` + folder + `/../examples/mycertocspv2.pem")}"
+  cert_name            = "ssl-test-cert"
+  cert_content         = "${file("` + folder + `/../examples/mycertocspv2.crt")}"
+  cert_monitoring_type = "ocsp"
+  issuer_cert          = "/Common/MyCA"
+  cert_ocsp            = "/Common/testocsp1"
+}
+`
+
 func TestAccBigipSSLCertKeyCreate(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
@@ -112,3 +125,25 @@ func TestAccBigipSSLCertKeyCreateCertKeyProfile(t *testing.T) {
 		},
 	})
 }
+
+func TestAccBigipSSLCertKeyCreateCertKeyProfileOCSP(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAcctPreCheck(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: sslProfileCertKeyOCSP,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_name", "ssl-test-key"),
+					resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_name", "ssl-test-cert"),
+					resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "partition", "Common"),
+					resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_monitoring_type", "ocsp"),
+					resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "issuer_cert", "/Common/MyCA"),
+					resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_ocsp", "/Common/testocsp1"),
+				),
+			},
+		},
+	})
+}

docs/resources/bigip_ssl_certificate.md

@@ -33,3 +33,9 @@ resource "bigip_ssl_certificate" "test-cert" {
 * `content` - (Required) Content of certificate on Local Disk,path of SSL certificate will be provided to terraform `file` function 
 
 * `partition` - Partition on to SSL Certificate to be imported. The parameter is not required when running terraform import operation. In such case the name must be provided in full_path format.
+
+* `monitoring_type` - Specifies the type of monitoring used.
+
+* `issuer_cert` - Specifies the issuer certificate.
+
+* `ocsp` - Specifies the OCSP responder.

docs/resources/bigip_ssl_key_cert.md

@@ -42,6 +42,11 @@ resource "bigip_ssl_key_cert" "testkeycert" {
 
 * `passphrase` - (Optional,type `string`) Passphrase on the SSL key.
 
+* `cert_monitoring_type` - (Optional,type `string`) Specifies the type of monitoring used.
+
+* `issuer_cert` - (Optional,type `string`) Specifies the issuer certificate.
+
+* `cert_ocsp` - (Optional,type `string`) Specifies the OCSP responder.
 
 
 ## Attribute Reference