From f70d4079c1522d58291abe9dc0cc4544f7cf78d1 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Mon, 2 Nov 2015 10:15:19 -0500
Subject: [PATCH] provider/google: SSL Certificates resource + tests &
 documentation

---
 builtin/providers/google/provider.go          |   1 +
 .../resource_compute_ssl_certificate.go       | 125 ++++++++++++++++++
 .../resource_compute_ssl_certificate_test.go  |  80 +++++++++++
 .../r/compute_ssl_certificate.html.markdown   |  47 +++++++
 website/source/layouts/google.erb             |   4 +
 5 files changed, 257 insertions(+)
 create mode 100644 builtin/providers/google/resource_compute_ssl_certificate.go
 create mode 100644 builtin/providers/google/resource_compute_ssl_certificate_test.go
 create mode 100644 website/source/docs/providers/google/r/compute_ssl_certificate.html.markdown

diff --git a/builtin/providers/google/provider.go b/builtin/providers/google/provider.go
index 2dbe9500b..3fbeedfb0 100644
--- a/builtin/providers/google/provider.go
+++ b/builtin/providers/google/provider.go
@@ -46,6 +46,7 @@ func Provider() terraform.ResourceProvider {
 			"google_compute_network":                resourceComputeNetwork(),
 			"google_compute_project_metadata":       resourceComputeProjectMetadata(),
 			"google_compute_route":                  resourceComputeRoute(),
+			"google_compute_ssl_certificate":        resourceComputeSslCertificate(),
 			"google_compute_target_pool":            resourceComputeTargetPool(),
 			"google_compute_vpn_gateway":            resourceComputeVpnGateway(),
 			"google_compute_vpn_tunnel":             resourceComputeVpnTunnel(),
diff --git a/builtin/providers/google/resource_compute_ssl_certificate.go b/builtin/providers/google/resource_compute_ssl_certificate.go
new file mode 100644
index 000000000..563407cdd
--- /dev/null
+++ b/builtin/providers/google/resource_compute_ssl_certificate.go
@@ -0,0 +1,125 @@
+package google
+
+import (
+	"fmt"
+	"strconv"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"google.golang.org/api/compute/v1"
+	"google.golang.org/api/googleapi"
+)
+
+func resourceComputeSslCertificate() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeSslCertificateCreate,
+		Read:   resourceComputeSslCertificateRead,
+		Delete: resourceComputeSslCertificateDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"description": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"certificate": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"private_key": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"self_link": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"id": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceComputeSslCertificateCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Build the certificate parameter
+	cert := &compute.SslCertificate{
+		Name: d.Get("name").(string),
+		Certificate: d.Get("certificate").(string),
+		PrivateKey: d.Get("private_key").(string),
+	}
+
+	if v, ok := d.GetOk("description"); ok {
+		cert.Description = v.(string)
+	}
+
+	op, err := config.clientCompute.SslCertificates.Insert(
+		config.Project, cert).Do()
+
+	if err != nil {
+		return fmt.Errorf("Error creating ssl certificate: %s", err)
+	}
+
+	err = computeOperationWaitGlobal(config, op, "Creating SslCertificate")
+	if err != nil {
+		return err
+	}
+
+	d.SetId(cert.Name)
+
+	return resourceComputeSslCertificateRead(d, meta)
+}
+
+func resourceComputeSslCertificateRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	cert, err := config.clientCompute.SslCertificates.Get(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading ssl certificate: %s", err)
+	}
+
+	d.Set("self_link", cert.SelfLink)
+	d.Set("id", strconv.FormatUint(cert.Id, 10))
+
+	return nil
+}
+
+func resourceComputeSslCertificateDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	op, err := config.clientCompute.SslCertificates.Delete(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting ssl certificate: %s", err)
+	}
+
+	err = computeOperationWaitGlobal(config, op, "Deleting SslCertificate")
+	if err != nil {
+		return err
+	}
+
+	d.SetId("")
+	return nil
+}
diff --git a/builtin/providers/google/resource_compute_ssl_certificate_test.go b/builtin/providers/google/resource_compute_ssl_certificate_test.go
new file mode 100644
index 000000000..5d84527d9
--- /dev/null
+++ b/builtin/providers/google/resource_compute_ssl_certificate_test.go
@@ -0,0 +1,80 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccComputeSslCertificate_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeSslCertificateDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeSslCertificate_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeSslCertificateExists(
+						"google_compute_ssl_certificate.foobar"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeSslCertificateDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "google_compute_ssl_certificate" {
+			continue
+		}
+
+		_, err := config.clientCompute.SslCertificates.Get(
+			config.Project, rs.Primary.ID).Do()
+		if err == nil {
+			return fmt.Errorf("SslCertificate still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeSslCertificateExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.SslCertificates.Get(
+			config.Project, rs.Primary.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.Primary.ID {
+			return fmt.Errorf("Certificate not found")
+		}
+
+		return nil
+	}
+}
+
+const testAccComputeSslCertificate_basic = `
+resource "google_compute_ssl_certificate" "foobar" {
+	name = "terraform-test"
+	description = "very descriptive"
+	private_key = "${file("~/cert/example.key")}"
+	certificate = "${file("~/cert/example.crt")}"
+}
+`
diff --git a/website/source/docs/providers/google/r/compute_ssl_certificate.html.markdown b/website/source/docs/providers/google/r/compute_ssl_certificate.html.markdown
new file mode 100644
index 000000000..2b7826102
--- /dev/null
+++ b/website/source/docs/providers/google/r/compute_ssl_certificate.html.markdown
@@ -0,0 +1,47 @@
+---
+layout: "google"
+page_title: "Google: google_compute_ssl_certificate"
+sidebar_current: "docs-google-compute-ssl-certificate"
+description: |-
+  Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.
+---
+
+# google\_compute\_ssl\_certificate
+
+Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.  
+For more information see
+[the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/ssl-certificates) and
+[API](https://cloud.google.com/compute/docs/reference/latest/sslCertificates).
+
+
+## Example Usage
+
+```
+resource "google_compute_ssl_certificate" "default" {
+	name = "my-certificate"
+	description = "a description"
+	private_key = "${file("path/to/private.key")}"
+	certificate = "${file("path/to/certificate.crt")}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+* `description` - (Optional) An optional description of this resource.
+    Changing this forces a new resource to be created.
+* `private_key` - (Required) Write only private key in PEM format.
+    Changing this forces a new resource to be created.
+* `description` - (Required) A local certificate file in PEM format. The chain
+    may be at most 5 certs long, and must include at least one intermediate cert.
+    Changing this forces a new resource to be created.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `self_link` - The URI of the created resource.
+* `id` - A unique ID assigned by GCE.
diff --git a/website/source/layouts/google.erb b/website/source/layouts/google.erb
index b27ae327d..bf9e715d6 100644
--- a/website/source/layouts/google.erb
+++ b/website/source/layouts/google.erb
@@ -65,6 +65,10 @@
 			<a href="/docs/providers/google/r/compute_route.html">google_compute_route</a>
 			</li>
 
+			<li<%= sidebar_current("docs-google-compute-ssl-certificate") %>>
+			<a href="/docs/providers/google/r/compute_ssl_certificate.html">google_compute_ssl_certificate</a>
+			</li>
+
 			<li<%= sidebar_current("docs-google-compute-target-pool") %>>
 			<a href="/docs/providers/google/r/compute_target_pool.html">google_compute_target_pool</a>
 			</li>