From 9aac73d27e267719c4124ccab3199defd497eb39 Mon Sep 17 00:00:00 2001 From: Haim Schneider <104054548+haimsch@users.noreply.github.com> Date: Fri, 30 Jun 2023 12:45:40 +0300 Subject: [PATCH] Private cert attribute fixes (#4641) --- .secrets.baseline | 82 ++++++------------- ...rtificate_configuration_intermediate_ca.go | 17 +--- ...ivate_certificate_configuration_root_ca.go | 7 +- ...vate_certificate_configuration_template.go | 14 +--- ...onfiguration_intermediate_ca.html.markdown | 7 +- ...ficate_configuration_root_ca.html.markdown | 4 +- ...icate_configuration_template.html.markdown | 2 +- 7 files changed, 38 insertions(+), 95 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 9ecccf0a5ed..a54104aa5c7 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,11 +3,8 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2023-06-14T09:18:54Z", + "generated_at": "2023-06-20T13:14:07Z", "plugins_used": [ - { - "name": "AWSKeyDetector" - }, { "name": "ArtifactoryDetector" }, @@ -21,12 +18,6 @@ { "name": "BasicAuthDetector" }, - { - "name": "BoxDetector" - }, - { - "name": "CloudantDetector" - }, { "ghe_instance": "github.ibm.com", "name": "GheDetector" @@ -51,9 +42,6 @@ "keyword_exclude": null, "name": "KeywordDetector" }, - { - "name": "MailchimpDetector" - }, { "name": "NpmDetector" }, @@ -68,12 +56,6 @@ }, { "name": "SquareOAuthDetector" - }, - { - "name": "StripeDetector" - }, - { - "name": "TwilioKeyDetector" } ], "results": { @@ -722,7 +704,7 @@ "hashed_secret": "731438016c5ab94431f61820f35e3ae5f8ad6004", "is_secret": false, "is_verified": false, - "line_number": 341, + "line_number": 343, "type": "Secret Keyword", "verified_result": null }, @@ -730,7 +712,7 @@ "hashed_secret": "12da2e35d6b50c902c014f1ab9e3032650368df7", "is_secret": false, "is_verified": false, - "line_number": 347, + "line_number": 349, "type": "Secret Keyword", "verified_result": null }, 
@@ -738,7 +720,7 @@ "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6", "is_secret": false, "is_verified": false, - "line_number": 1022, + "line_number": 1024, "type": "Base64 High Entropy String", "verified_result": null } @@ -748,7 +730,7 @@ "hashed_secret": "9184b0c38101bf24d78b2bb0d044deb1d33696fc", "is_secret": false, "is_verified": false, - "line_number": 132, + "line_number": 133, "type": "Secret Keyword", "verified_result": null }, @@ -756,7 +738,7 @@ "hashed_secret": "c427f185ddcb2440be9b77c8e45f1cd487a2e790", "is_secret": false, "is_verified": false, - "line_number": 1438, + "line_number": 1449, "type": "Base64 High Entropy String", "verified_result": null }, @@ -764,7 +746,7 @@ "hashed_secret": "1f7e33de15e22de9d2eaf502df284ed25ca40018", "is_secret": false, "is_verified": false, - "line_number": 1506, + "line_number": 1517, "type": "Secret Keyword", "verified_result": null }, @@ -772,7 +754,7 @@ "hashed_secret": "1f614c2eb6b3da22d89bd1b9fd47d7cb7c8fc670", "is_secret": false, "is_verified": false, - "line_number": 3357, + "line_number": 3404, "type": "Secret Keyword", "verified_result": null }, @@ -780,7 +762,7 @@ "hashed_secret": "7abfce65b8504403afc25c9790f358d513dfbcc6", "is_secret": false, "is_verified": false, - "line_number": 3370, + "line_number": 3417, "type": "Secret Keyword", "verified_result": null }, @@ -788,7 +770,7 @@ "hashed_secret": "0c2d85bf9a9b1579b16f220a4ea8c3d62b2e24b1", "is_secret": false, "is_verified": false, - "line_number": 3411, + "line_number": 3458, "type": "Secret Keyword", "verified_result": null } @@ -826,7 +808,7 @@ "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9", "is_secret": false, "is_verified": false, - "line_number": 1697, + "line_number": 1713, "type": "Secret Keyword", "verified_result": null }, 
@@ -834,7 +816,7 @@ "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437", "is_secret": false, "is_verified": false, - "line_number": 1703, + "line_number": 1719, "type": "Secret Keyword", "verified_result": null } @@ -3428,7 +3410,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 251, + "line_number": 249, "type": "Secret Keyword", "verified_result": null }, @@ -3436,7 +3418,7 @@ "hashed_secret": "9beb31de125498074813c6f31c0e4df3e54a5489", "is_secret": false, "is_verified": false, - "line_number": 755, + "line_number": 749, "type": "Secret Keyword", "verified_result": null } @@ -3446,7 +3428,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 280, + "line_number": 278, "type": "Secret Keyword", "verified_result": null }, @@ -3454,7 +3436,7 @@ "hashed_secret": "9beb31de125498074813c6f31c0e4df3e54a5489", "is_secret": false, "is_verified": false, - "line_number": 760, + "line_number": 755, "type": "Secret Keyword", "verified_result": null } @@ -4709,30 +4691,12 @@ "verified_result": null } ], - "website/docs/r/project_instance.html.markdown": [ - { - "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", - "is_secret": false, - "is_verified": false, - "line_number": 134, - "type": "Secret Keyword", - "verified_result": null - }, - { - "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", - "is_secret": false, - "is_verified": false, - "line_number": 136, - "type": "Secret Keyword", - "verified_result": null - } - ], "website/docs/r/metrics_router_route.html.markdown": [ { "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 99, + "line_number": 152, "type": "Secret Keyword", "verified_result": null }, 
@@ -4740,7 +4704,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 101, + "line_number": 154, "type": "Secret Keyword", "verified_result": null } @@ -4750,7 +4714,7 @@ "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 82, + "line_number": 124, "type": "Secret Keyword", "verified_result": null }, @@ -4758,7 +4722,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 84, + "line_number": 126, "type": "Secret Keyword", "verified_result": null } @@ -4940,7 +4904,7 @@ "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 142, + "line_number": 145, "type": "Secret Keyword", "verified_result": null }, @@ -4948,7 +4912,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 144, + "line_number": 147, "type": "Secret Keyword", "verified_result": null } @@ -5148,7 +5112,7 @@ } ] }, - "version": "0.13.1+ibm.61.dss", + "version": "0.13.1+ibm.56.dss", "word_list": { "file": null, "hash": null diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go index ebd336d6c05..795460a2630 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go 
@@ -209,10 +209,8 @@ func ResourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Resour
 },
 "serial_number": &schema.Schema{
 Type: schema.TypeString,
- Optional: true,
- ForceNew: true,
 Computed: true,
- Description: "The serial number to assign to the generated certificate. To assign a random serial number, you can omit this field.",
+ Description: "The unique serial number that was assigned to a certificate by the issuing certificate authority.",
 },
 "signing_method": &schema.Schema{
 Type: schema.TypeString,
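Review bot: Dropping `Optional: true` and `ForceNew: true` from `serial_number` turns a previously configurable argument into a read-only attribute, so any existing configuration that still sets `serial_number` will fail at plan time after upgrading, because Terraform rejects a configured value for a Computed-only attribute; the root CA schema hunk (`@@ -220,10 +220,8 @@` in resource_ibm_sm_private_certificate_configuration_root_ca.go) has the same effect. Letting the issuing CA assign the serial is the safer default (unique, unpredictable serials per certificate), so the direction is right; the missing piece is the upgrade path. Either keep `Optional: true` for one release with a `Deprecated:` message explaining that the value is ignored (the template resource in this same patch does that), or state the breaking change explicitly in the changelog and in the attribute description, e.g. `Description: "The unique serial number that was assigned to a certificate by the issuing certificate authority. This attribute is read-only; remove it from existing configurations."`. The enclosing resource function starts outside the hunk.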
@@ -290,19 +288,19 @@ func ResourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Resour
 "ttl": &schema.Schema{
 Type: schema.TypeString,
 Optional: true,
- Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can be either an integer that specifies the number of seconds, or the string representation of a duration, such as `120m` or `24h`.Minimum duration is 1 minute. Maximum is 90 days.",
+ Description: "Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided provided as a string duration with time suffix (e.g. '24h') or the number of seconds as string (e.g. '86400').",
 },
 "max_path_length": &schema.Schema{
 Type: schema.TypeInt,
 Optional: true,
 ForceNew: true,
- Description: " The maximum path length to encode in the generated certificate. `-1` means no limit.",
+ Description: "The maximum path length to encode in the generated certificate. `-1` means no limit.",
 },
 "permitted_dns_domains": &schema.Schema{
 Type: schema.TypeList,
 Optional: true,
 ForceNew: true,
- Description: " The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.",
+ Description: "The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
 "use_csr_values": &schema.Schema{
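Review bot: The new `ttl` description has a duplicated word ("can be provided provided as a string duration") and, unlike the corresponding bullet added to the intermediate CA markdown in this patch, it does not mention the `max_ttl` bound, so the two texts will drift if the docs are regenerated from the schema. Suggested line: `Description: "Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string duration with time suffix (e.g. '24h') or the number of seconds as string (e.g. '86400'). The value cannot exceed the value of max_ttl.",`. The markdown bullet added for `max_path_length` also documents the argument as a String while the schema here is `schema.TypeInt`; that bullet should say Integer. The enclosing resource function starts outside the hunk.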
@@ -738,11 +736,7 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCAMapToConfiguratio
 }
 model.PostalCode = postalCode
 }
- if _, ok := d.GetOk("serial_number"); ok {
- model.SerialNumber = core.StringPtr(d.Get("serial_number").(string))
- }
 return model, nil
- // TODO all other config attributes
 }
 
 func resourceIbmSmPrivateCertificateConfigurationIntermediateCAPrivateCertificateCADataToMap(modelIntf secretsmanagerv2.PrivateCertificateCADataIntf) (map[string]interface{}, error) {
@@ -870,9 +864,6 @@ func resourceIbmSmConfigurationActionPrivateCertificateSignIntermediateCAMapToCo
 }
 model.PostalCode = postalCode
 }
- if _, ok := d.GetOk("serial_number"); ok {
- model.SerialNumber = core.StringPtr(d.Get("serial_number").(string))
- }
 return model, nil
 }
 
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go
index ec88e35047d..767250b9402 100644
--- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go
@@ -220,10 +220,8 @@ func ResourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource {
 },
 "serial_number": &schema.Schema{
 Type: schema.TypeString,
- Optional: true,
 Computed: true,
- ForceNew: true,
- Description: "The serial number to assign to the generated certificate. To assign a random serial number, you can omit this field.",
+ Description: "The unique serial number that was assigned to a certificate by the issuing certificate authority.",
 },
 "secret_type": &schema.Schema{
 Type: schema.TypeString,
@@ -742,9 +740,6 @@ func resourceIbmSmPrivateCertificateConfigurationRootCAMapToConfigurationPrototy
 }
 model.PostalCode = postalCodeParsed
 }
- if _, ok := d.GetOk("serial_number"); ok {
- model.SerialNumber = core.StringPtr(d.Get("serial_number").(string))
- }
 return model, nil
 }
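Review bot: With `serial_number` now Computed-only and no longer copied into the create prototype here, in the sign-intermediate-CA action hunk (`@@ -870,9 +864,6 @@`) and in the root CA hunk (`@@ -742,9 +740,6 @@`), the attribute only ever gets a value if each resource's read path copies it from the API response; none of the read functions appear in this diff, so please confirm that a `d.Set("serial_number", ...)` still exists for both the intermediate and root CA resources, otherwise the attribute stays empty in state and the new documentation under the `data` block is wrong. Removing the `// TODO all other config attributes` line is fine since it sat after `return model, nil` and was unreachable. All of the enclosing functions start outside their hunks.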
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go
index 866a1e32245..fbebe341a0a 100644
--- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go
@@ -113,7 +113,8 @@ func ResourceIbmSmPrivateCertificateConfigurationTemplate() *schema.Resource {
 Type: schema.TypeString,
 Optional: true,
 Computed: true,
- Description: "The serial number to assign to the generated certificate. To assign a random serial number, you can omit this field.",
+ Description: "Unused field.",
+ Deprecated: "This field is deprecated.",
 },
 "certificate_authority": &schema.Schema{
 Type: schema.TypeString,
@@ -521,9 +522,6 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateRead(context context.Co
 return diag.FromErr(fmt.Errorf("Error setting postal_code: %s", err))
 }
 }
- if err = d.Set("serial_number", configuration.SerialNumber); err != nil {
- return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err))
- }
 if err = d.Set("require_cn", configuration.RequireCn); err != nil {
 return diag.FromErr(fmt.Errorf("Error setting require_cn: %s", err))
 }
@@ -775,11 +773,6 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateUpdate(context context.
 hasChange = true
 }
 
- if d.HasChange("serial_number") {
- patchVals.SerialNumber = core.StringPtr(d.Get("serial_number").(string))
- hasChange = true
- }
-
 if d.HasChange("not_before_duration") {
 patchVals.NotBeforeDuration = core.StringPtr(d.Get("not_before_duration").(string))
 hasChange = true
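Review bot: The template keeps `serial_number` as `Optional: true, Computed: true` while the Read and Update hunks in this file, and the create-prototype hunk on the next diff line (`@@ -1005,9 +998,6 @@`), stop reading or sending it, so a value a user still sets is silently accepted and never used, and because the attribute is also Computed, Terraform will show no diff to hint at that. The deprecation text should say so rather than just "This field is deprecated.", e.g. `Description: "Unused field. Any value that is set is ignored.",` and `Deprecated: "serial_number is no longer sent to the API and is ignored; remove it from your configuration.",`. The matching markdown bullet in this patch still labels the argument "(Optional, Forces new resource, String)" and keeps its length and regex constraints, although the schema has no ForceNew and the value is unused; that bullet should be reduced to the deprecation notice. The enclosing resource, Read and Update functions all start outside their hunks.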
@@ -1005,9 +998,6 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateMapToConfigurationProto
 }
 model.PostalCode = postalCode
 }
- if _, ok := d.GetOk("serial_number"); ok {
- model.SerialNumber = core.StringPtr(d.Get("serial_number").(string))
- }
 if _, ok := d.GetOkExists("require_cn"); ok {
 model.RequireCn = core.BoolPtr(d.Get("require_cn").(bool))
 }
diff --git a/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown b/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown
index 61f6660ce2c..26e23c899f9 100644
--- a/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown
+++ b/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown
@@ -53,6 +53,7 @@ Review the argument reference that you can specify for your resource.
 * Constraints: Allowable values are: `rsa`, `ec`.
 * `locality` - (Optional, Forces new resource, List) The Locality (L) values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
+* `max_path_length` - (Optional, Forces new resource, String) The maximum path length to encode in the generated certificate. `-1` means no limit.
 * `max_ttl` - (Required, String) The maximum time-to-live (TTL) for certificates that are created by this CA.
 * `name` - (Required, String) A human-readable unique name to assign to the intermediate CA configuration.
 * `organization` - (Optional, Forces new resource, List) The Organization (O) values to define in the subject field of the resulting certificate.
@@ -61,18 +62,18 @@ Review the argument reference that you can specify for your resource.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `100` items. The minimum length is `0` items.
 * `ou` - (Optional, Forces new resource, List) The Organizational Unit (OU) values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
+* `permitted_dns_domains` - (Optional, Forces new resource, List) The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
 * `postal_code` - (Optional, Forces new resource, List) The postal code values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
 * `private_key_format` - (Optional, Forces new resource, String) The format of the generated private key.
 * Constraints: The default value is `der`. Allowable values are: `der`, `pkcs8`.
 * `province` - (Optional, Forces new resource, List) The Province (ST) values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
-* `serial_number` - (Optional, Forces new resource, String) The serial number to assign to the generated certificate. To assign a random serial number, you can omit this field.
- * Constraints: The maximum length is `64` characters. The minimum length is `32` characters. The value must match regular expression `/[^a-fA-F0-9]/`.
 * `signing_method` - (Required, Forces new resource, String) The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options.
 For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities).
 * Constraints: Allowable values are: `internal`, `external`.
 * `street_address` - (Optional, Forces new resource, List) The street address values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
+* `ttl` - (Optional, String) Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. `24h`) or the number of seconds as a string (e.g. `86400`). The value cannot exceed the value of `max_ttl`.
 * `uri_sans` - (Optional, Forces new resource, String) The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
 * Constraints: The maximum length is `2048` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`.
@@ -103,6 +104,8 @@ Nested scheme for **data**:
 * `max_ttl_seconds` - (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
 * `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.
 * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`.
+* `serial_number` - (String) The unique serial number that was assigned to a certificate by the issuing certificate authority.
+ * Constraints: The maximum length is `64` characters. The minimum length is `32` characters. The value must match regular expression `/[^a-fA-F0-9]/`.
 * `status` - (String) The status of the certificate authority. The status of a root certificate authority is either `configured` or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,`signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
 * Constraints: Allowable values are: `signing_required`, `signed_certificate_required`, `certificate_template_required`, `configured`, `expired`, `revoked`.
 * `updated_at` - (String) The date when a resource was recently modified. The date format follows RFC 3339.
diff --git a/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown b/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown
index b5e57980056..f240feb5282 100644
--- a/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown
+++ b/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown
@@ -67,8 +67,6 @@ Review the argument reference that you can specify for your resource.
 * Constraints: The default value is `der`. Allowable values are: `der`, `pkcs8`.
 * `province` - (Optional, Forces new resource, List) The Province (ST) values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
-* `serial_number` - (Optional, Forces new resource, String) The serial number to assign to the generated certificate. To assign a random serial number, you can omit this field.
- * Constraints: The maximum length is `64` characters. The minimum length is `32` characters. The value must match regular expression `/[^a-fA-F0-9]/`.
 * `street_address` - (Optional, Forces new resource, List) The street address values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
 * `ttl` - (Optional, String) The requested time-to-live (TTL) for certificates that are created by this CA. This field's value cannot be longer than the `max_ttl` limit.The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API response, this value is returned in seconds (integer).
@@ -105,6 +103,8 @@ Nested scheme for **data**:
 * `max_ttl_seconds` - (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
 * `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.
 * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`.
+* `serial_number` - (String) The unique serial number that was assigned to a certificate by the issuing certificate authority.
+ * Constraints: The maximum length is `64` characters. The minimum length is `32` characters. The value must match regular expression `/[^a-fA-F0-9]/`.
 * `status` - (String) The status of the certificate authority. The status of a root certificate authority is either `configured` or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,`signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
 * Constraints: Allowable values are: `signing_required`, `signed_certificate_required`, `certificate_template_required`, `configured`, `expired`, `revoked`.
 * `updated_at` - (String) The date when a resource was recently modified. The date format follows RFC 3339.
diff --git a/website/docs/r/sm_private_certificate_configuration_template.html.markdown b/website/docs/r/sm_private_certificate_configuration_template.html.markdown
index 816c81f86c7..d34b20e904d 100644
--- a/website/docs/r/sm_private_certificate_configuration_template.html.markdown
+++ b/website/docs/r/sm_private_certificate_configuration_template.html.markdown
@@ -80,7 +80,7 @@ Review the argument reference that you can specify for your resource.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `100` items. The minimum length is `0` items.
 * `require_cn` - (Optional, Boolean) Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the `common_name` field optional, set the `require_cn` option to `false`.
 * `server_flag` - (Optional, Boolean) Determines whether private certificates are flagged for server use.
-* `serial_number` - (Optional, Forces new resource, String) The serial number to assign to the generated certificate. To assign a random serial number, you can omit this field.
+* `serial_number` - (Optional, Forces new resource, String) Deprecated. Unused field.
 * Constraints: The maximum length is `64` characters. The minimum length is `32` characters. The value must match regular expression `/[^a-fA-F0-9]/`.
 * `street_address` - (Optional, Forces new resource, List) The street address values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.