package tls import ( "crypto/x509" "github.com/hashicorp/terraform/helper/schema" ) func resourceLocallySignedCert() *schema.Resource { s := resourceCertificateCommonSchema() s["cert_request_pem"] = &schema.Schema{ Type: schema.TypeString, Required: true, Description: "PEM-encoded certificate request", ForceNew: true, StateFunc: func(v interface{}) string { return hashForState(v.(string)) }, } s["ca_key_algorithm"] = &schema.Schema{ Type: schema.TypeString, Required: true, Description: "Name of the algorithm used to generate the certificate's private key", ForceNew: true, } s["ca_private_key_pem"] = &schema.Schema{ Type: schema.TypeString, Required: true, Description: "PEM-encoded CA private key used to sign the certificate", ForceNew: true, StateFunc: func(v interface{}) string { return hashForState(v.(string)) }, } s["ca_cert_pem"] = &schema.Schema{ Type: schema.TypeString, Required: true, Description: "PEM-encoded CA certificate", ForceNew: true, StateFunc: func(v interface{}) string { return hashForState(v.(string)) }, } return &schema.Resource{ Create: CreateLocallySignedCert, Delete: DeleteCertificate, Read: ReadCertificate, Schema: s, } } func CreateLocallySignedCert(d *schema.ResourceData, meta interface{}) error { certReq, err := parseCertificateRequest(d, "cert_request_pem") if err != nil { return err } caKey, err := parsePrivateKey(d, "ca_private_key_pem", "ca_key_algorithm") if err != nil { return err } caCert, err := parseCertificate(d, "ca_cert_pem") if err != nil { return err } cert := x509.Certificate{ Subject: certReq.Subject, DNSNames: certReq.DNSNames, IPAddresses: certReq.IPAddresses, BasicConstraintsValid: true, } return createCertificate(d, &cert, caCert, certReq.PublicKey, caKey) }