138 new resource security certificate

CHANGELOG.md

@@ -22,6 +22,7 @@ FEATURES:
 * **New Resource:** `netapp-ontap_storage_qtrees` ([#82](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/82))
 * **New Resource:** `netapp-ontap_qos_policies` ([#76](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/76))
 * **New Resource:** `netapp-security_login_messages` ([#18](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/18))
+* **New Resource:** `netapp-ontap_security_certificate` ([#138](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/138))
 
 ENHANCEMENTS:
 * **netapp-ontap_lun**: added `size_unit` option. ([#227](https://github.com/NetApp/terraform-provider-netapp-ontap/issues/227))

docs/resources/security_certificate.md

@@ -0,0 +1,147 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "netapp-ontap_security_certificate Resource - terraform-provider-netapp-ontap"
+subcategory: ""
+description: |-
+  SecurityCertificate resource
+---
+
+# netapp-ontap_security_certificate (Resource)
+
+Create/ install/ sign a certificate
+
+### Related ONTAP commands
+```commandline
+* security certificate show
+* security certificate create
+* security certificate install
+* security certificate sign
+```
+
+## Supported Platforms
+* On-prem ONTAP system 9.6 or higher
+
+## Example Usage
+
+```terraform
+# creating a certificate
+resource "netapp-ontap_security_certificate" "create_certificate" {
+  cx_profile_name = "cluster5"
+  name            = "tfsvm_ca_cert1"
+  common_name     = "tfsvm_ca_cert"
+  type            = "root_ca"
+  svm_name        = "tfsvm"
+  expiry_time     = "P365DT"
+}
+
+# signing a certificate
+resource "netapp-ontap_security_certificate" "sign_certificate" {
+  cx_profile_name = "cluster5"
+  name            = "tfsvm_ca_cert1"
+  common_name     = "tfsvm_ca_cert"
+  type            = "root_ca"
+  svm_name        = "svm1"  # SVM on which the signed certificate will exist
+  expiry_time     = "P90DT"
+  signing_request = <<-EOT
+-----BEGIN CERTIFICATE REQUEST-----
+signing-request
+-----END CERTIFICATE REQUEST-----
+EOT
+}
+
+# installing a certificate
+resource "netapp-ontap_security_certificate" "install_certificate" {
+  cx_profile_name = "cluster5"
+  common_name     = "svm1_cert1"
+  type            = "server"
+  svm_name        = "svm1"
+  expiry_time     = "P90DT"
+  public_certificate = <<-EOT
+-----BEGIN CERTIFICATE-----
+certificate
+-----END CERTIFICATE-----
+EOT
+
+  private_key = <<-EOT
+-----BEGIN PRIVATE KEY-----
+private-key
+-----END PRIVATE KEY-----
+EOT
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cx_profile_name` (String) Connection profile name.
+- `common_name` (String) Common name of the certificate.
+- `type` (String) Type of certificate.
+
+### Optional
+
+- `expiry_time` (String) Certificate expiration time, in ISO 8601 duration format or date and time format.
+- `hash_function` (String) Hashing function.
+- `key_size` (Number) Key size of the certificate in bits.
+- `name` (String) The unique name of the security certificate per SVM.
+- `private_key` (String, Sensitive) Private key Certificate in PEM format. Only valid when installing a CA-signed certificate.
+- `public_certificate` (String) Public key Certificate in PEM format. If this is not provided during create action, a self-signed certificate is created.
+- `signing_request` (String) Certificate signing request to be signed by the given certificate authority. Request should be in X509 PEM format.
+- `svm_name` (String) Name of the SVM in which the certificate is created or installed or the SVM on which the signed certificate will exist.
+
+### Read-Only
+
+- `ca` (String) Certificate authority.
+- `id` (String) UUID of the certificate.
+- `scope` (String) Set to 'svm' for certificates installed in a SVM. Otherwise, set to 'cluster'.
+- `serial_number` (String) Serial number of the certificate.
+- `signed_certificate` (String) Signed public key Certificate in PEM format that is returned while signing a certificate.
+
+## Import
+This resource supports import, which allows you to import existing security certificate into the state of this resource.
+Import require a unique ID composed of the security certificate name and connection profile, separated by a comma.
+
+id = `name`, `cx_profile_name`
+
+### Terraform Import
+
+ For example
+ ```shell
+  terraform import netapp-ontap_security_certificate.cert_import tfsvm_ca_cert1,cluster5
+ ```
+
+### Terraform Import Block
+This requires Terraform 1.5 or higher, and will auto create the configuration for you
+
+First create the block
+```terraform
+import {
+  to = netapp-ontap_security_certificate.cert_import
+  id = "tfsvm_ca_cert1,cluster5"
+}
+```
+Next run, this will auto create the configuration for you
+```shell
+terraform plan -generate-config-out=generated.tf
+```
+This will generate a file called generated.tf, which will contain the configuration for the imported resource
+```terraform
+# __generated__ by Terraform
+# Please review these resources and move them into your main configuration files.
+
+# __generated__ by Terraform from "tfsvm_ca_cert1,cluster5"
+resource "netapp-ontap_security_certificate" "cert_import" {
+  common_name        = "tfsvm_ca_cert"
+  cx_profile_name    = "cluster5"
+  expiry_time        = "2025-10-04T01:24:54-04:00"
+  hash_function      = "sha256"
+  key_size           = 2048
+  name               = "tfsvm_ca_cert1"
+  private_key        = null # sensitive
+  public_certificate = "-----BEGIN CERTIFICATE-----\ncertificate\n-----END CERTIFICATE-----\n"
+  signing_request    = null
+  svm_name           = "tfsvm"
+  type               = "root_ca"
+}
+```

examples/provider/provider.tf

@@ -40,6 +40,13 @@ provider "netapp-ontap" {
       password = var.password
       validate_certs = var.validate_certs
     },
+    {
+      name = "cluster5"
+      hostname = "********2"
+      username = var.username
+      password = var.password
+      validate_certs = var.validate_certs
+    },
     {
       name = "clustercifs"
       hostname = "********189"

examples/resources/netapp-ontap_security_certificate/provider.tf

@@ -0,0 +1 @@
+../../provider/provider.tf

examples/resources/netapp-ontap_security_certificate/resource.tf

@@ -0,0 +1,44 @@
+# creating a certificate
+resource "netapp-ontap_security_certificate" "create_certificate" {
+  cx_profile_name = "cluster5"
+  name            = "tfsvm_ca_cert1"
+  common_name     = "tfsvm_ca_cert"
+  type            = "root_ca"
+  svm_name        = "tfsvm"
+  expiry_time     = "P365DT"
+}
+
+# signing a certificate
+resource "netapp-ontap_security_certificate" "sign_certificate" {
+  cx_profile_name = "cluster5"
+  name            = "tfsvm_ca_cert1"
+  common_name     = "tfsvm_ca_cert"
+  type            = "root_ca"
+  svm_name        = "svm1"  # SVM on which the signed certificate will exist
+  expiry_time     = "P90DT"
+  signing_request = <<-EOT
+-----BEGIN CERTIFICATE REQUEST-----
+signing-request
+-----END CERTIFICATE REQUEST-----
+EOT
+}
+
+# installing a certificate
+resource "netapp-ontap_security_certificate" "install_certificate" {
+  cx_profile_name = "cluster5"
+  common_name     = "svm1_cert1"
+  type            = "server"
+  svm_name        = "svm1"
+  expiry_time     = "P90DT"
+  public_certificate = <<-EOT
+-----BEGIN CERTIFICATE-----
+certificate
+-----END CERTIFICATE-----
+EOT
+
+  private_key = <<-EOT
+-----BEGIN PRIVATE KEY-----
+private-key
+-----END PRIVATE KEY-----
+EOT
+}

examples/resources/netapp-ontap_security_certificate/terraform.tfvars

@@ -0,0 +1 @@
+../../provider/terraform.tfvars

examples/resources/netapp-ontap_security_certificate/variables.tf

@@ -0,0 +1 @@
+../../provider/variables.tf