Align mTLS Imperva to Origin URL with Imperva API and add provider re…

…source documentations (#419) * add docs for mtls imperva to origin resource * add docs for mtls imperva to origin resource and update the mtls api path to align with the latest changes on the Imperva public API
imperva · May 20, 2024 · 1184493 · 1184493
1 parent 5793852
commit 1184493
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 15 deletions.
diff --git a/incapsula/client_mtls_imperva_to_origin_certificate.go b/incapsula/client_mtls_imperva_to_origin_certificate.go
@@ -13,7 +13,7 @@ import (
 	//"io"
 )
 
-const endpointMTLSCertificate = "/certificates-ui/v3/mtls-origin/certificates"
+const endpointMTLSCertificate = "/certificates-ui/v3/mtls/origin"
 
 type MTLSCertificateGetById struct {
 	Hash      string `json:"hash"`

diff --git a/incapsula/client_mtls_imperva_to_origin_certificate_site_association_test.go b/incapsula/client_mtls_imperva_to_origin_certificate_site_association_test.go
@@ -35,7 +35,7 @@ func TestClientGetSiteMtlsCertificateAssociationBadJSON(t *testing.T) {
 	siteID := 42
 	certifiateID := 100
 
-	endpoint := fmt.Sprintf("/certificates-ui/v3/mtls-origin/certificates/%d/associated-sites/%d", certifiateID, siteID)
+	endpoint := fmt.Sprintf("/certificates-ui/v3/mtls/origin/%d/associated-sites/%d", certifiateID, siteID)
 
 	server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		rw.WriteHeader(406)
@@ -68,7 +68,7 @@ func TestClientGetSiteMtlsCertificateAssociationInvalidConfig(t *testing.T) {
 	siteID := 42
 	certifiateID := 100
 
-	endpoint := fmt.Sprintf("/certificates-ui/v3/mtls-origin/certificates/%d/associated-sites/%d", certifiateID, siteID)
+	endpoint := fmt.Sprintf("/certificates-ui/v3/mtls/origin/%d/associated-sites/%d", certifiateID, siteID)
 
 	server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		rw.WriteHeader(400)
@@ -81,10 +81,10 @@ func TestClientGetSiteMtlsCertificateAssociationInvalidConfig(t *testing.T) {
            "status": 400,
            "id": "16d37a3dfb2b3aff",
            "source": {
-               "pointer": "/v3/mtls-origin/certificates"
+               "pointer": "/v3/mtls/origin"
            },
            "title": "Bad Request",
-           "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@20c80d50, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"de31602becdf6d4b\",\"source\":{\"pointer\":\"/mtls-origin/certificates\"},\"title\":\"Bad Request\",\"detail\":\"Certificate already exists\"}]}"
+           "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@20c80d50, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"de31602becdf6d4b\",\"source\":{\"pointer\":\"/mtls/origin\"},\"title\":\"Bad Request\",\"detail\":\"Certificate already exists\"}]}"
        }
    ]
 }
@@ -114,7 +114,7 @@ func TestClientGetSiteMtlsCertificateAssociationValidConfig(t *testing.T) {
 	siteID := 42
 	certifiateID := 100
 
-	endpoint := fmt.Sprintf("/certificates-ui/v3/mtls-origin/certificates/%d/associated-sites/%d", certifiateID, siteID)
+	endpoint := fmt.Sprintf("/certificates-ui/v3/mtls/origin/%d/associated-sites/%d", certifiateID, siteID)
 
 	server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		rw.WriteHeader(200)
@@ -177,10 +177,10 @@ func TestClientUpdateSiteMtlsCertificateAssociationInvalidConfig(t *testing.T) {
            "status": 400,
            "id": "16d37a3dfb2b3aff",
            "source": {
-               "pointer": "/v3/mtls-origin/certificates"
+               "pointer": "/v3/mtls/origin"
            },
            "title": "Bad Request",
-           "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@20c80d50, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"de31602becdf6d4b\",\"source\":{\"pointer\":\"/mtls-origin/certificates\"},\"title\":\"Bad Request\",\"detail\":\"Certificate already exists\"}]}"
+           "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@20c80d50, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"de31602becdf6d4b\",\"source\":{\"pointer\":\"/mtls/origin\"},\"title\":\"Bad Request\",\"detail\":\"Certificate already exists\"}]}"
        }
    ]
 }
@@ -240,7 +240,7 @@ func TestClientDeleteSiteMtlsCertificateAssociationInvalidConfig(t *testing.T) {
 		"status": 500,
 		"id": "cca667c1371c31ff",
 		"source": {
-		"pointer": "/v3/mtls-origin/certificates/111"
+		"pointer": "/v3/mtls/origin/111"
 	},
 		"title": "Internal Server Error",
 		"detail": "Internal Server Error"

diff --git a/incapsula/client_mtls_imperva_to_origin_certificate_test.go b/incapsula/client_mtls_imperva_to_origin_certificate_test.go
@@ -81,7 +81,7 @@ func TestGetMTLSCertificateInvalidApiConfig(t *testing.T) {
 		"status": 500,
 		"id": "cca667c1371c31ff",
 		"source": {
-		"pointer": "/v3/mtls-origin/certificates/111"
+		"pointer": "/v3/mtls/origin/111"
 	},
 		"title": "Internal Server Error",
 		"detail": "Internal Server Error"
@@ -240,10 +240,10 @@ func TestEditMTLSCertificateApiConfig(t *testing.T) {
             "status": 400,
             "id": "16d37a3dfb2b3aff",
             "source": {
-                "pointer": "/v3/mtls-origin/certificates"
+                "pointer": "/v3/mtls/origin"
             },
             "title": "Bad Request",
-            "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@20c80d50, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"de31602becdf6d4b\",\"source\":{\"pointer\":\"/mtls-origin/certificates\"},\"title\":\"Bad Request\",\"detail\":\"Certificate already exists\"}]}"
+            "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@20c80d50, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"de31602becdf6d4b\",\"source\":{\"pointer\":\"/mtls/origin\"},\"title\":\"Bad Request\",\"detail\":\"Certificate already exists\"}]}"
         }
     ]
 }`))
@@ -370,10 +370,10 @@ func TestDeleteMTLSCertificateInvalidConfig(t *testing.T) {
             "status": 400,
             "id": "bd2f35a9b684a7cf",
             "source": {
-                "pointer": "/v3/mtls-origin/certificates/1"
+                "pointer": "/v3/mtls/origin/1"
             },
             "title": "Bad Request",
-            "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@7d57d69b, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"b352b66ace051df4\",\"source\":{\"pointer\":\"/mtls-origin/certificates/1\"},\"title\":\"Bad Request\",\"detail\":\"Certificate Id does not exist\"}]}"
+            "detail": "handleRequest - Got response headers:org.springframework.web.reactive.function.client.DefaultClientResponse$DefaultHeaders@7d57d69b, status: 400 BAD_REQUEST, body: {\"errors\":[{\"status\":400,\"id\":\"b352b66ace051df4\",\"source\":{\"pointer\":\"/mtls/origin/1\"},\"title\":\"Bad Request\",\"detail\":\"Certificate Id does not exist\"}]}"
         }
     ]
 }`))

diff --git a/incapsula/resource_mtls_imperva_to_origin_certificate_site_association.go b/incapsula/resource_mtls_imperva_to_origin_certificate_site_association.go
@@ -32,7 +32,7 @@ func resourceMtlsImpervaToOriginCertificateSiteAssociation() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			// Required Arguments
 			"site_id": {
-				Description: "The certificate file in base64 format.",
+				Description: "Site id to assign to a given mTLS client certificate",
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,

diff --git a/website/docs/r/mtls_imperva_to_origin_certificate.html.markdown b/website/docs/r/mtls_imperva_to_origin_certificate.html.markdown
@@ -0,0 +1,42 @@
+---
+subcategory: "Provider Reference"
+layout: "incapsula"
+page_title: "incapsula_mtls_imperva_to_origin_certificate"
+description: |-
+  Provides a Mutual TLS Imperva to Origin certificate resource.
+---
+
+# incapsula_mtls_imperva_to_origin_certificate
+
+Provides a Mutual TLS Imperva to Origin certificate resource.
+This resource is used to upload mTLS client certificates to enable mutual authentication between Imperva and origin servers.
+Mutual TLS Imperva to Origin Certificates must be in one of the following formats: pem, der, pfx, cert, crt, p7b, cer, p12, key, ca-bundle, bundle, priv, cert.
+
+## Example Usage
+
+```hcl
+resource "incapsula_mtls_imperva_to_origin_certificate" "mtls_imperva_to_origin_certificate"{
+  certificate       = filebase64("${"path/to/your/cert.pem"}")
+  private_key       = filebase64("${"path/to/your/private_key.pem"}")
+  passphrase        = "my_passphrase"
+  certificate_name  = "pem certificate example"
+  account_id        = "incapsula_account.example-account.id"  
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `certificate` - (Required) Your mTLS client certificate file. Supported formats: pem, der, pfx, cert, crt, p7b, cer, p12, ca-bundle, bundle, cert.
+  You can use the Terraform HCL `filebase64` directive to pull in the contents from a file. You can also embed the certificate in the configuration.
+* `private_key` - Your private key file. supported formats: pem, der, priv, key. If pfx or p12 certificate is used, then this field can remain empty.
+* `passphrase` - Your private key passphrase. Leave empty if the private key is not password protected.
+* `certificate_name` - (Optional) A descriptive name for your mTLS Certificate.
+* `account_id` - (Required) Numeric identifier of the account to operate on.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - Unique identifier of the Mutual TLS Imperva to Origin Certificate.
diff --git a/website/docs/r/mtls_imperva_to_origin_certificate_site_association.html.markdown b/website/docs/r/mtls_imperva_to_origin_certificate_site_association.html.markdown
@@ -0,0 +1,34 @@
+---
+subcategory: "Provider Reference"
+layout: "incapsula"
+page_title: "incapsula_mtls_imperva_to_origin_certificate"
+description: |-
+  Provides a Mutual TLS Imperva to Origin certificate resource.
+---
+
+# incapsula_mtls_imperva_to_origin_certificate_site_association
+
+Provides a Mutual TLS Imperva to Origin certificate Association resource.
+This resource is used to associate between mTLS client certificates and site.
+
+## Example Usage
+
+```hcl
+resource "incapsula_mtls_imperva_to_origin_certificate_site_association" "mtls_imperva_to_origin_certificate_site_association"{
+  site_id       = incapsula_site.example-site.id
+  certificate_id  = incapsula_certificate.example-certificate.id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `site_id` - (Required) Site id to assign to a given mTLS client certificate.
+* `certificate_id` - (Required) The mTLS certificate id you want to assign to your site.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - Unique identifier of the Mutual TLS Imperva to Origin Certificate.