Add missing output fields to Certificate resource. (#6322) (#4548)

Co-authored-by: Pawel Krawczyk <[email protected]> Signed-off-by: Modular Magician <[email protected]> Co-authored-by: Pawel Krawczyk <[email protected]>
hashicorp · Aug 2, 2022 · bf6c979 · bf6c979
1 parent a1f28c6
commit bf6c979
Show file tree

Hide file tree

Showing 9 changed files with 308 additions and 59 deletions.
diff --git a/.changelog/6322.txt b/.changelog/6322.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+certificatemanager: added `state`, `authorization_attempt_info` and `provisioning_issue` output fields to `google_certificate_manager_certificate`
+```
diff --git a/google-beta/resource_certificate_manager_certificate.go b/google-beta/resource_certificate_manager_certificate.go
@@ -65,7 +65,7 @@ and all following characters must be a dash, underscore, letter or digit.`,
 			"labels": {
 				Type:        schema.TypeMap,
 				Optional:    true,
-				Description: `Set of label tags associated with the EdgeCache resource.`,
+				Description: `Set of label tags associated with the Certificate resource.`,
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 			"managed": {
@@ -97,10 +97,63 @@ Wildcard domains are only supported with DNS challenge resolution`,
 								Type: schema.TypeString,
 							},
 						},
+						"authorization_attempt_info": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Description: `Detailed state of the latest authorization attempt for each domain
+specified for this Managed Certificate.`,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"details": {
+										Type:     schema.TypeString,
+										Computed: true,
+										Description: `Human readable explanation for reaching the state. Provided to help
+address the configuration issues.
+Not guaranteed to be stable. For programmatic access use 'failure_reason' field.`,
+									},
+									"domain": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: `Domain name of the authorization attempt.`,
+									},
+									"failure_reason": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: `Reason for failure of the authorization attempt for the domain.`,
+									},
+									"state": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: `State of the domain for managed certificate issuance.`,
+									},
+								},
+							},
+						},
+						"provisioning_issue": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: `Information about issues with provisioning this Managed Certificate.`,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"details": {
+										Type:     schema.TypeString,
+										Computed: true,
+										Description: `Human readable explanation about the issue. Provided to help address
+the configuration issues.
+Not guaranteed to be stable. For programmatic access use 'reason' field.`,
+									},
+									"reason": {
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: `Reason for provisioning failures.`,
+									},
+								},
+							},
+						},
 						"state": {
 							Type:        schema.TypeString,
 							Computed:    true,
-							Description: `State of the managed certificate resource.`,
+							Description: `A state of this Managed Certificate.`,
 						},
 					},
 				},
@@ -110,16 +163,15 @@ Wildcard domains are only supported with DNS challenge resolution`,
 				Type:             schema.TypeString,
 				Optional:         true,
 				ForceNew:         true,
-				ValidateFunc:     validateEnum([]string{"DEFAULT", "EDGE_CACHE", ""}),
 				DiffSuppressFunc: certManagerDefaultScopeDiffSuppress,
 				Description: `The scope of the certificate.
 
-Certificates with default scope are served from core Google data centers.
+DEFAULT: Certificates with default scope are served from core Google data centers.
 If unsure, choose this option.
 
-Certificates with scope EDGE_CACHE are special-purposed certificates,
+EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,
 served from non-core Google data centers.
-Currently allowed only for managed certificates. Default value: "DEFAULT" Possible values: ["DEFAULT", "EDGE_CACHE"]`,
+Currently allowed only for managed certificates.`,
 				Default: "DEFAULT",
 			},
 			"self_managed": {
@@ -483,24 +535,88 @@ func flattenCertificateManagerCertificateManaged(v interface{}, d *schema.Resour
 		return nil
 	}
 	transformed := make(map[string]interface{})
-	transformed["state"] =
-		flattenCertificateManagerCertificateManagedState(original["state"], d, config)
 	transformed["domains"] =
 		flattenCertificateManagerCertificateManagedDomains(original["domains"], d, config)
 	transformed["dns_authorizations"] =
 		flattenCertificateManagerCertificateManagedDnsAuthorizations(original["dnsAuthorizations"], d, config)
+	transformed["state"] =
+		flattenCertificateManagerCertificateManagedState(original["state"], d, config)
+	transformed["provisioning_issue"] =
+		flattenCertificateManagerCertificateManagedProvisioningIssue(original["provisioningIssue"], d, config)
+	transformed["authorization_attempt_info"] =
+		flattenCertificateManagerCertificateManagedAuthorizationAttemptInfo(original["authorizationAttemptInfo"], d, config)
 	return []interface{}{transformed}
 }
+func flattenCertificateManagerCertificateManagedDomains(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
+func flattenCertificateManagerCertificateManagedDnsAuthorizations(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return d.Get("managed.0.dns_authorizations")
+}
+
 func flattenCertificateManagerCertificateManagedState(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	return v
 }
 
-func flattenCertificateManagerCertificateManagedDomains(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+func flattenCertificateManagerCertificateManagedProvisioningIssue(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["reason"] =
+		flattenCertificateManagerCertificateManagedProvisioningIssueReason(original["reason"], d, config)
+	transformed["details"] =
+		flattenCertificateManagerCertificateManagedProvisioningIssueDetails(original["details"], d, config)
+	return []interface{}{transformed}
+}
+func flattenCertificateManagerCertificateManagedProvisioningIssueReason(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	return v
 }
 
-func flattenCertificateManagerCertificateManagedDnsAuthorizations(v interface{}, d *schema.ResourceData, config *Config) interface{} {
-	return d.Get("managed.0.dns_authorizations")
+func flattenCertificateManagerCertificateManagedProvisioningIssueDetails(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
+func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfo(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil {
+		return v
+	}
+	l := v.([]interface{})
+	transformed := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		original := raw.(map[string]interface{})
+		if len(original) < 1 {
+			// Do not include empty json objects coming back from the api
+			continue
+		}
+		transformed = append(transformed, map[string]interface{}{
+			"domain":         flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(original["domain"], d, config),
+			"state":          flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoState(original["state"], d, config),
+			"failure_reason": flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(original["failureReason"], d, config),
+			"details":        flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(original["details"], d, config),
+		})
+	}
+	return transformed
+}
+func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
+func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoState(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
+func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
+func flattenCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
 }
 
 func expandCertificateManagerCertificateDescription(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
@@ -565,38 +681,145 @@ func expandCertificateManagerCertificateManaged(v interface{}, d TerraformResour
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
+	transformedDomains, err := expandCertificateManagerCertificateManagedDomains(original["domains"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedDomains); val.IsValid() && !isEmptyValue(val) {
+		transformed["domains"] = transformedDomains
+	}
+
+	transformedDnsAuthorizations, err := expandCertificateManagerCertificateManagedDnsAuthorizations(original["dns_authorizations"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedDnsAuthorizations); val.IsValid() && !isEmptyValue(val) {
+		transformed["dnsAuthorizations"] = transformedDnsAuthorizations
+	}
+
 	transformedState, err := expandCertificateManagerCertificateManagedState(original["state"], d, config)
 	if err != nil {
 		return nil, err
 	} else if val := reflect.ValueOf(transformedState); val.IsValid() && !isEmptyValue(val) {
 		transformed["state"] = transformedState
 	}
 
-	transformedDomains, err := expandCertificateManagerCertificateManagedDomains(original["domains"], d, config)
+	transformedProvisioningIssue, err := expandCertificateManagerCertificateManagedProvisioningIssue(original["provisioning_issue"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedDomains); val.IsValid() && !isEmptyValue(val) {
-		transformed["domains"] = transformedDomains
+	} else if val := reflect.ValueOf(transformedProvisioningIssue); val.IsValid() && !isEmptyValue(val) {
+		transformed["provisioningIssue"] = transformedProvisioningIssue
 	}
 
-	transformedDnsAuthorizations, err := expandCertificateManagerCertificateManagedDnsAuthorizations(original["dns_authorizations"], d, config)
+	transformedAuthorizationAttemptInfo, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfo(original["authorization_attempt_info"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedDnsAuthorizations); val.IsValid() && !isEmptyValue(val) {
-		transformed["dnsAuthorizations"] = transformedDnsAuthorizations
+	} else if val := reflect.ValueOf(transformedAuthorizationAttemptInfo); val.IsValid() && !isEmptyValue(val) {
+		transformed["authorizationAttemptInfo"] = transformedAuthorizationAttemptInfo
 	}
 
 	return transformed, nil
 }
 
+func expandCertificateManagerCertificateManagedDomains(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCertificateManagerCertificateManagedDnsAuthorizations(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandCertificateManagerCertificateManagedState(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
 
-func expandCertificateManagerCertificateManagedDomains(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+func expandCertificateManagerCertificateManagedProvisioningIssue(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedReason, err := expandCertificateManagerCertificateManagedProvisioningIssueReason(original["reason"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedReason); val.IsValid() && !isEmptyValue(val) {
+		transformed["reason"] = transformedReason
+	}
+
+	transformedDetails, err := expandCertificateManagerCertificateManagedProvisioningIssueDetails(original["details"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedDetails); val.IsValid() && !isEmptyValue(val) {
+		transformed["details"] = transformedDetails
+	}
+
+	return transformed, nil
+}
+
+func expandCertificateManagerCertificateManagedProvisioningIssueReason(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
 
-func expandCertificateManagerCertificateManagedDnsAuthorizations(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+func expandCertificateManagerCertificateManagedProvisioningIssueDetails(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCertificateManagerCertificateManagedAuthorizationAttemptInfo(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	req := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		if raw == nil {
+			continue
+		}
+		original := raw.(map[string]interface{})
+		transformed := make(map[string]interface{})
+
+		transformedDomain, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(original["domain"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedDomain); val.IsValid() && !isEmptyValue(val) {
+			transformed["domain"] = transformedDomain
+		}
+
+		transformedState, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoState(original["state"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedState); val.IsValid() && !isEmptyValue(val) {
+			transformed["state"] = transformedState
+		}
+
+		transformedFailureReason, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(original["failure_reason"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedFailureReason); val.IsValid() && !isEmptyValue(val) {
+			transformed["failureReason"] = transformedFailureReason
+		}
+
+		transformedDetails, err := expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(original["details"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedDetails); val.IsValid() && !isEmptyValue(val) {
+			transformed["details"] = transformedDetails
+		}
+
+		req = append(req, transformed)
+	}
+	return req, nil
+}
+
+func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDomain(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoState(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoFailureReason(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCertificateManagerCertificateManagedAuthorizationAttemptInfoDetails(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
diff --git a/google-beta/resource_certificate_manager_certificate_map.go b/google-beta/resource_certificate_manager_certificate_map.go
@@ -52,7 +52,7 @@ globally and match the pattern 'projects/*/locations/*/certificateMaps/*'.`,
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: `One or more paragraphs of text description of a certificate map entry.`,
+				Description: `A human-readable description of the resource.`,
 			},
 			"labels": {
 				Type:        schema.TypeMap,

diff --git a/google-beta/resource_certificate_manager_certificate_map_entry.go b/google-beta/resource_certificate_manager_certificate_map_entry.go
@@ -69,10 +69,9 @@ names must be unique globally and match pattern
 'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*'`,
 			},
 			"description": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Description: `CertificateMapEntry is a list of certificate configurations,
-that have been issued for a particular hostname`,
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: `A human-readable description of the resource.`,
 			},
 			"hostname": {
 				Type:     schema.TypeString,
@@ -94,8 +93,7 @@ Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.`,
 			"matcher": {
 				Type:         schema.TypeString,
 				Optional:     true,
-				ValidateFunc: validateEnum([]string{"MATCHER_UNSPECIFIED", "PRIMARY", ""}),
-				Description:  `A predefined matcher for particular cases, other than SNI selection Possible values: ["MATCHER_UNSPECIFIED", "PRIMARY"]`,
+				Description:  `A predefined matcher for particular cases, other than SNI selection`,
 				ExactlyOneOf: []string{"hostname", "matcher"},
 			},
 			"create_time": {
@@ -106,15 +104,9 @@ with nanosecond resolution and up to nine fractional digits.
 Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".`,
 			},
 			"state": {
-				Type:     schema.TypeString,
-				Computed: true,
-				Description: `A serving state of this Certificate Map Entry.
-
-The status is undefined.
-
-The configuration is serving.
-
-Update is in progress. Some frontends may serve this configuration.`,
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `A serving state of this Certificate Map Entry.`,
 			},
 			"update_time": {
 				Type:     schema.TypeString,