Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

138 new resource security certificate #311

Open
wants to merge 19 commits into
base: integration/main
Choose a base branch
from
Open

138 new resource security certificate #311

wants to merge 19 commits into from

Conversation

csahu9
Copy link
Contributor

@csahu9 csahu9 commented Oct 4, 2024

@csahu9 csahu9 linked an issue Oct 4, 2024 that may be closed by this pull request
[New Resource]: /security/certificates #138
Open
carchi8py
carchi8py reviewed Oct 7, 2024
View reviewed changes
Copy link
Contributor

@carchi8py carchi8py left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@csahu9 is name returned back in the output for 9.6 and 9.7

If not this code won't work for those system as name is required but would be null.

@csahu9
Copy link
Contributor Author

csahu9 commented Oct 8, 2024

@csahu9 is name returned back in the output for 9.6 and 9.7

If not this code won't work for those system as name is required but would be null.

@carchi8py Resource Read has version constraints before adding name to query fields, so it won't be returned for Ontap 9.6/9/7
I've updated the error reporting for scenario where one tries to use name in Ontap 9.6/9.7
I've now tested the resource in Ontap 9.6 as well and it is working as expected.

@chuyich
Copy link
Contributor

chuyich commented Oct 10, 2024
edited
Loading

There is one case with minimum setup and the creation has issues:

resource "netapp-ontap_security_certificate" "create_certificate" {
  cx_profile_name = "cluster5"
  common_name     = "tfsvm_ca_cert_test"
  type            = "root_ca"
}

But creating a certificate without svm info is allowed.

csahu-vsim34::security certificate> create -common-name "ttt" -type root-ca -size 2048

The certificate's generated name for reference: ttt_17FCEF1EB6BDE792_ttt

csahu-vsim34::security certificate> show -cert-name ttt_17FCEF1EB6BDE792_ttt
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
csahu-vsim34 
           17FCEF1EB6BDE792 
                           ttt_17FCEF1EB6BDE792_ttt               root-ca
    Certificate Authority: ttt
          Expiration Date: Thu Oct 09 20:14:32 2025

So svm_name is optional and computed in the schema definition.

Please take a look and adjust the code for taking care of this case.

@csahu9
Copy link
Contributor Author

csahu9 commented Oct 10, 2024

There is one case with minimum setup and the creation has issues:

resource "netapp-ontap_security_certificate" "create_certificate" {
  cx_profile_name = "cluster5"
  common_name     = "tfsvm_ca_cert_test"
  type            = "root_ca"
}

But creating a certificate without svm info is allowed.

csahu-vsim34::security certificate> create -common-name "ttt" -type root-ca -size 2048

The certificate's generated name for reference: ttt_17FCEF1EB6BDE792_ttt

csahu-vsim34::security certificate> show -cert-name ttt_17FCEF1EB6BDE792_ttt
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
csahu-vsim34 
           17FCEF1EB6BDE792 
                           ttt_17FCEF1EB6BDE792_ttt               root-ca
    Certificate Authority: ttt
          Expiration Date: Thu Oct 09 20:14:32 2025

So svm_name is optional and computed in the schema definition.

Please take a look and adjust the code for taking care of this case.

@chuyich thanks for pointing this out; I've updated the resource accordingly.

chuyich
chuyich reviewed Oct 29, 2024
View reviewed changes
docs/resources/security_certificate.md
```

## Supported Platforms
* On-prem ONTAP system 9.6 or higher
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just want to make sure if you check the fsx is supported or not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, @chuyich , I haven't tested for fsx support.
Could you please let me know the steps that are required to test the same?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check the slack message.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chuyich chuyich chuyich left review comments

@carchi8py carchi8py carchi8py left review comments

@suhasbshekar suhasbshekar suhasbshekar approved these changes

@wenjun666 wenjun666 Awaiting requested review from wenjun666 wenjun666 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[New Resource]: /security/certificates
4 participants
@csahu9 @chuyich @carchi8py @suhasbshekar