feat(waf): support new datasource to query certificates (#5840)

docs/data-sources/waf_certificates.md

@@ -0,0 +1,83 @@
+---
+subcategory: "Web Application Firewall (WAF)"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_waf_certificates"
+description: |-
+  Use this data source to get a list of WAF certificates within HuaweiCloud.
+---
+
+# huaweicloud_waf_certificates
+
+Use this data source to get a list of WAF certificates within HuaweiCloud.
+
+## Example Usage
+
+```hcl
+variable enterprise_project_id {}
+
+data "huaweicloud_waf_certificates" "test" {
+  enterprise_project_id = var.enterprise_project_id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the data source. If omitted, the provider-level
+  region will be used.
+
+* `enterprise_project_id` - (Optional, String) Specifies the enterprise project ID of WAF certificate.
+  For enterprise users, if omitted, default enterprise project will be used.
+
+* `name` - (Optional, String) Specifies the name of certificate. The value is case-sensitive and supports fuzzy matching.
+
+* `host` - (Optional, Bool) Specifies whether to obtain the domain name for which the certificate is used.
+  + **true**: Obtain the certificates that have been used for domain names.
+  + **false**: Obtain the certificates that have not been used for any domain names.
+
+  Defaults to **false**.
+
+* `expiration_status` - (Optional, String) Specifies the certificate expiration status. The options are as follows:
+  + `0`: Not expired;
+  + `1`: Expired;
+  + `2`: Expired soon (The certificate will expire in one month.)
+
+  -> If this field is not configured, all certificates that meet the expired status will be found.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `certificates` - The certificate list.
+  The [certificates](#certificates_struct) structure is documented below.
+
+<a name="certificates_struct"></a>
+The `certificates` block supports:
+
+* `id` - The certificate ID.
+
+* `name` - The certificate name.
+
+* `expiration_status` - The certificate expiration status.
+
+* `created_at` - The time when the certificate was uploaded, in RFC3339 format.
+
+* `expired_at` - The time when the certificate expires, in RFC3339 format.
+
+* `bind_host` - The domain information bound to the certificate.
+  The [bind_host](#items_bind_host_struct) structure is documented below.
+
+<a name="items_bind_host_struct"></a>
+The `bind_host` block supports:
+
+* `id` - The domain ID.
+
+* `domain` - The domain name.
+
+* `mode` - The special domain pattern.
+
+* `waf_type` - The deployment mode of WAF instance that is used for the domain name. The value can be **cloud** for
+  cloud WAF or **premium** for dedicated WAF instances.

huaweicloud/provider.go

@@ -1106,6 +1106,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_waf_rules_precise_protection":             waf.DataSourceWafRulesPreciseProtection(),
 			"huaweicloud_waf_rules_web_tamper_protection":          waf.DataSourceWafRulesWebTamperProtection(),
 			"huaweicloud_waf_source_ips":                           waf.DataSourceWafSourceIps(),
+			"huaweicloud_waf_certificates":                         waf.DataSourceWafCertificates(),
 
 			"huaweicloud_dws_alarm_subscriptions":             dws.DataSourceAlarmSubscriptions(),
 			"huaweicloud_dws_availability_zones":              dws.DataSourceDwsAvailabilityZones(),

huaweicloud/services/acceptance/waf/data_source_huaweicloud_waf_certificates_test.go

@@ -0,0 +1,119 @@
+package waf
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourceWafCertificates_basic(t *testing.T) {
+	var (
+		dataSourceName = acceptance.RandomAccResourceName()
+
+		dataSource = "data.huaweicloud_waf_certificates.test"
+		dc         = acceptance.InitDataSourceCheck(dataSource)
+
+		byName   = "data.huaweicloud_waf_certificates.name_filter"
+		dcByName = acceptance.InitDataSourceCheck(byName)
+
+		byHost   = "data.huaweicloud_waf_certificates.host_filter"
+		dcByHost = acceptance.InitDataSourceCheck(byHost)
+
+		byExpirationStatus   = "data.huaweicloud_waf_certificates.expiration_status_filter"
+		dcByExpirationStatus = acceptance.InitDataSourceCheck(byExpirationStatus)
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testDataSourceDataSourceWafCertificates_basic(dataSourceName),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttrSet(dataSource, "certificates.0.id"),
+					resource.TestCheckResourceAttrSet(dataSource, "certificates.0.name"),
+					resource.TestCheckResourceAttrSet(dataSource, "certificates.0.created_at"),
+
+					dcByName.CheckResourceExists(),
+					resource.TestCheckOutput("name_filter_is_useful", "true"),
+
+					dcByHost.CheckResourceExists(),
+					resource.TestCheckOutput("host_filter_is_useful", "true"),
+
+					dcByExpirationStatus.CheckResourceExists(),
+					resource.TestCheckOutput("expiration_status_filter_is_useful", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testDataSourceDataSourceWafCertificates_basic(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+data "huaweicloud_waf_certificates" "test" {
+  enterprise_project_id = "%[2]s"
+
+  depends_on = [
+    huaweicloud_waf_certificate.test
+  ]
+}
+
+# Filter by name
+locals {
+  name = data.huaweicloud_waf_certificates.test.certificates.0.name
+}
+
+data "huaweicloud_waf_certificates" "name_filter" {
+  enterprise_project_id = "%[2]s"
+  name                  = local.name
+}
+
+locals {
+  name_filter_result = [
+    for v in data.huaweicloud_waf_certificates.name_filter.certificates[*].name : v == local.name
+  ]
+}
+
+output "name_filter_is_useful" {
+  value = length(local.name_filter_result) > 0 && alltrue(local.name_filter_result)
+}
+
+# Filter by host
+data "huaweicloud_waf_certificates" "host_filter" {
+  enterprise_project_id = "%[2]s"
+  host                  = true
+}
+
+output "host_filter_is_useful" {
+  value = length(data.huaweicloud_waf_certificates.host_filter.certificates.0.bind_host) > 0
+}
+
+# Filter by expiration_status
+locals {
+  expiration_status = data.huaweicloud_waf_certificates.test.certificates.0.expiration_status
+}
+
+data "huaweicloud_waf_certificates" "expiration_status_filter" {
+  enterprise_project_id = "%[2]s"
+  expiration_status     = local.expiration_status
+}
+
+locals {
+  expiration_status_filter_result = [
+    for v in data.huaweicloud_waf_certificates.expiration_status_filter.certificates[*].expiration_status : v == local.expiration_status
+  ]
+}
+
+output "expiration_status_filter_is_useful" {
+  value = length(local.expiration_status_filter_result) > 0 && alltrue(local.expiration_status_filter_result)
+}
+`, testAccWafCertificate_basic(name, generateCertificateBody()), acceptance.HW_ENTERPRISE_PROJECT_ID_TEST)
+}