Add accountId parameter to managed certificate resource (#481)

* Add accountId parameter to managed certificate resource * Fix empty account id scenario * Add accountId to importer --------- Co-authored-by: aviv.yaari <[email protected]>
imperva · Dec 5, 2024 · 4a7ffb5 · 4a7ffb5
1 parent ec10ab0
commit 4a7ffb5
Show file tree

Hide file tree

Showing 5 changed files with 139 additions and 31 deletions.
diff --git a/incapsula/client_site_certificate.go b/incapsula/client_site_certificate.go
@@ -3,10 +3,11 @@ package incapsula
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"io/ioutil"
 	"log"
 	"net/http"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 )
 
 const endpointSiteCertV3BasePath = "/certificates-ui/v3/sites/"
@@ -52,13 +53,16 @@ type SiteCertificateV3Response struct {
 }
 
 // RequestSiteCertificate request site certificate
-func (c *Client) RequestSiteCertificate(siteId int, validationMethod string) (*SiteCertificateV3Response, diag.Diagnostics) {
+func (c *Client) RequestSiteCertificate(siteId int, validationMethod string, accountId *int) (*SiteCertificateV3Response, diag.Diagnostics) {
 	var diags diag.Diagnostics
 	log.Printf("[INFO] request site certificate to: %d ", siteId)
 	siteCertificateDTO := SiteCertificateDTO{}
 	siteCertificateDTO.DefaultValidationMethod = validationMethod
 	siteCertificateDTOJSON, err := json.Marshal(siteCertificateDTO)
 	url := fmt.Sprintf("%s%s%d%s", c.config.BaseURLAPI, endpointSiteCertV3BasePath, siteId, endpointSiteCertV3Suffix)
+	if accountId != nil {
+		url = fmt.Sprintf("%s?caid=%d", url, *accountId)
+	}
 	resp, err := c.DoJsonAndQueryParamsRequestWithHeaders(http.MethodPost, url, []byte(siteCertificateDTOJSON), nil, RequestSiteCert)
 	if err != nil {
 		diags = append(diags, diag.Diagnostic{
@@ -104,11 +108,14 @@ func (c *Client) RequestSiteCertificate(siteId int, validationMethod string) (*S
 }
 
 // DeleteRequestSiteCertificate deletes a site certificate request
-func (c *Client) DeleteRequestSiteCertificate(siteId int) (*SiteCertificateV3Response, diag.Diagnostics) {
+func (c *Client) DeleteRequestSiteCertificate(siteId int, accountId *int) (*SiteCertificateV3Response, diag.Diagnostics) {
 	var diags diag.Diagnostics
 	log.Printf("[INFO] deleting request site certificate %d", siteId)
 
 	url := fmt.Sprintf("%s%s%d%s", c.config.BaseURLAPI, endpointSiteCertV3BasePath, siteId, endpointSiteCertV3Suffix)
+	if accountId != nil {
+		url = fmt.Sprintf("%s?caid=%d", url, *accountId)
+	}
 	resp, err := c.DoJsonAndQueryParamsRequestWithHeaders(http.MethodDelete, url, []byte("{}"), nil, RequestSiteCert)
 	if err != nil {
 		diags = append(diags, diag.Diagnostic{
@@ -154,11 +161,14 @@ func (c *Client) DeleteRequestSiteCertificate(siteId int) (*SiteCertificateV3Res
 }
 
 // GetSiteCertificateRequestStatus get site cert request
-func (c *Client) GetSiteCertificateRequestStatus(siteId int) (*SiteCertificateV3Response, diag.Diagnostics) {
+func (c *Client) GetSiteCertificateRequestStatus(siteId int, accountId *int) (*SiteCertificateV3Response, diag.Diagnostics) {
 	var diags diag.Diagnostics
 	log.Printf("[INFO] get request site certificate status %d", siteId)
 
 	url := fmt.Sprintf("%s%s%d%s", c.config.BaseURLAPI, endpointSiteCertV3BasePath, siteId, endpointSiteCertV3Suffix)
+	if accountId != nil {
+		url = fmt.Sprintf("%s?caid=%d", url, *accountId)
+	}
 	resp, err := c.DoJsonAndQueryParamsRequestWithHeaders(http.MethodGet, url, nil, nil, RequestSiteCert)
 	if err != nil {
 		diags = append(diags, diag.Diagnostic{

diff --git a/incapsula/client_site_certificate_test.go b/incapsula/client_site_certificate_test.go
@@ -12,7 +12,7 @@ import (
 func TestClientRequestSiteCertificateBadConnection(t *testing.T) {
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: "http://badness.incapsula.com"}
 	client := &Client{config: config, httpClient: &http.Client{Timeout: time.Millisecond * 1}}
-	requestSiteCertificateResponse, diag := client.RequestSiteCertificate(123, "DNS")
+	requestSiteCertificateResponse, diag := client.RequestSiteCertificate(123, "DNS", nil)
 	if diag == nil || !diag.HasError() || !strings.Contains(diag[0].Detail, "Timeout exceeded while awaiting") {
 		t.Errorf("Should have received an time out error")
 	}
@@ -32,7 +32,7 @@ func TestClientRequestSiteCertificateInternalError(t *testing.T) {
 	defer server.Close()
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
-	_, diag := client.RequestSiteCertificate(123, "DNS")
+	_, diag := client.RequestSiteCertificate(123, "DNS", nil)
 	if diag == nil || !diag.HasError() || !strings.Contains(diag[0].Detail, "got response status 500, error") {
 		t.Errorf("Should have received an error")
 	}
@@ -49,7 +49,7 @@ func TestClientRequestSiteCertificateErrorsInBody(t *testing.T) {
 	defer server.Close()
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
-	accountSSLSettingsResponse, diag := client.RequestSiteCertificate(123, "DNS")
+	accountSSLSettingsResponse, diag := client.RequestSiteCertificate(123, "DNS", nil)
 	if diag != nil {
 		t.Errorf("Should not received an error")
 	}
@@ -69,14 +69,36 @@ func TestClientRequestSiteCertificateDataInBody(t *testing.T) {
 	defer server.Close()
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
-	requestSiteCertificateResponse, diag := client.RequestSiteCertificate(123, "DNS")
+	requestSiteCertificateResponse, diag := client.RequestSiteCertificate(123, "DNS", nil)
 	if diag != nil {
 		t.Errorf("Should not received an error")
 	}
 	if requestSiteCertificateResponse.Errors != nil || requestSiteCertificateResponse.Data == nil || requestSiteCertificateResponse.Data[0].DefaultValidationMethod != "CNAME" {
 		t.Errorf("Got unexpected response")
 	}
 }
+
+func TestClientRequestSiteCertificateWithAccountId(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if req.URL.String() != fmt.Sprintf("%s%d%s?caid=%d", endpointSiteCertV3BasePath, 123, endpointSiteCertV3Suffix, 111) {
+			t.Errorf("Should have hit /%s%d%s?caid=%d endpoint. Got: %s", endpointSiteCertV3BasePath, 123, endpointSiteCertV3Suffix, 111, req.URL.String())
+		}
+		rw.WriteHeader(http.StatusOK)
+		rw.Write([]byte("{\"data\":[{\"siteId\":1088225110,\"defaultValidationMethod\":\"CNAME\",\"certificateDetails\":[{\"id\":3476,\"name\":\"ATLAS_845-1717566889024\",\"status\":\"IN_PROCESS\",\"expirationDate\":1749113691000,\"inRenewal\":false,\"sans\":[{\"sanId\":34,\"sanValue\":\"domain-8226.com\",\"validationMethod\":\"CNAME\",\"expirationDate\":null,\"status\":\"PENDING_USER_ACTION\",\"statusDate\":1717577707000,\"numSitesCovered\":1,\"verificationCode\":\"globalsign-domain-verification=A477A8393D17A55ECB2964402\",\"cnameValidationValue\":\"dh8pzxg.devImpervaDns.com\",\"autoValidation\":false,\"approverFqdn\":\"domain-8226.com\",\"validationEmail\":null,\"domainIds\":[7]}],\"level\":\"SITE\"}]}]}"))
+	}))
+	defer server.Close()
+	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
+	client := &Client{config: config, httpClient: &http.Client{}}
+	accountId := 111
+	response, diag := client.RequestSiteCertificate(123, "DNS", &accountId)
+	if diag != nil {
+		t.Errorf("Should not received an error")
+	}
+	if response.Errors != nil || response.Data == nil || response.Data[0].DefaultValidationMethod != "CNAME" {
+		t.Errorf("Got unexpected response")
+	}
+}
+
 func TestClientGetSiteCertificateRequestStatusDataInBody(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		if req.URL.String() != fmt.Sprintf("%s%d%s", endpointSiteCertV3BasePath, 123, endpointSiteCertV3Suffix) {
@@ -88,7 +110,7 @@ func TestClientGetSiteCertificateRequestStatusDataInBody(t *testing.T) {
 	defer server.Close()
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
-	siteCertificateResponse, diag := client.GetSiteCertificateRequestStatus(123)
+	siteCertificateResponse, diag := client.GetSiteCertificateRequestStatus(123, nil)
 	if diag != nil {
 		t.Errorf("Should not received an error")
 	}
@@ -109,7 +131,7 @@ func TestClientGetSiteCertificateRequestStatusErrorsInBody(t *testing.T) {
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
 
-	siteCertificateResponse, diag := client.GetSiteCertificateRequestStatus(123)
+	siteCertificateResponse, diag := client.GetSiteCertificateRequestStatus(123, nil)
 	if diag != nil {
 		t.Errorf("Should not received an error")
 	}
@@ -129,7 +151,7 @@ func TestClientGetSiteCertificateRequestStatusError500(t *testing.T) {
 	defer server.Close()
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
-	_, diag := client.GetSiteCertificateRequestStatus(123)
+	_, diag := client.GetSiteCertificateRequestStatus(123, nil)
 	if diag == nil || !diag.HasError() || !strings.Contains(diag[0].Detail, "got response status 500, error") {
 		t.Errorf("Should have received an error")
 	}
@@ -138,7 +160,7 @@ func TestClientGetSiteCertificateRequestStatusError500(t *testing.T) {
 func TestClientGetSiteCertificateRequestStatusBadConnection(t *testing.T) {
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: "http://badness.incapsula.com"}
 	client := &Client{config: config, httpClient: &http.Client{Timeout: time.Millisecond * 1}}
-	updateAccountSSLSettingsResponse, diag := client.GetSiteCertificateRequestStatus(123)
+	updateAccountSSLSettingsResponse, diag := client.GetSiteCertificateRequestStatus(123, nil)
 	if diag == nil || !diag.HasError() || !strings.Contains(diag[0].Detail, "Timeout exceeded while awaiting") {
 		t.Errorf("Should have received an time out error")
 	}
@@ -150,7 +172,7 @@ func TestClientGetSiteCertificateRequestStatusBadConnection(t *testing.T) {
 func TestClientDeleteRequestSiteCertificateBadConnection(t *testing.T) {
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: "http://badness.incapsula.com"}
 	client := &Client{config: config, httpClient: &http.Client{Timeout: time.Millisecond * 1}}
-	_, diag := client.DeleteRequestSiteCertificate(123)
+	_, diag := client.DeleteRequestSiteCertificate(123, nil)
 	if diag == nil || !diag.HasError() || !strings.Contains(diag[0].Detail, "Timeout exceeded while awaiting") {
 		t.Errorf("Should have received an time out error")
 	}
@@ -167,12 +189,33 @@ func TestClientDeleteRequestSiteCertificateError500(t *testing.T) {
 	defer server.Close()
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
-	_, diag := client.DeleteRequestSiteCertificate(123)
+	_, diag := client.DeleteRequestSiteCertificate(123, nil)
 	if diag == nil || !diag.HasError() || !strings.Contains(diag[0].Detail, "got response status 500") {
 		t.Errorf("Should have received an error")
 	}
 }
 
+func TestClientDeleteRequestSiteCertificateWithAccountId(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if req.URL.String() != fmt.Sprintf("%s%d%s?caid=%d", endpointSiteCertV3BasePath, 123, endpointSiteCertV3Suffix, 111) {
+			t.Errorf("Should have hit /%s%d%s?caid=%d endpoint. Got: %s", endpointSiteCertV3BasePath, 123, endpointSiteCertV3Suffix, 111, req.URL.String())
+		}
+		rw.Write([]byte("{\"data\":[{\"siteId\":1088225110,\"defaultValidationMethod\":\"CNAME\"}]}"))
+		rw.WriteHeader(200)
+	}))
+	defer server.Close()
+	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
+	client := &Client{config: config, httpClient: &http.Client{}}
+	accountId := 111
+	response, diag := client.DeleteRequestSiteCertificate(123, &accountId)
+	if diag != nil || diag.HasError() {
+		t.Errorf("Should not received an error")
+	}
+	if response.Errors != nil || response.Data == nil || response.Data[0].DefaultValidationMethod != "CNAME" {
+		t.Errorf("Got unexpected response")
+	}
+}
+
 func TestClientValidateDomainBadConnection(t *testing.T) {
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: "http://badness.incapsula.com"}
 	client := &Client{config: config, httpClient: &http.Client{Timeout: time.Millisecond * 1}}
@@ -209,7 +252,7 @@ func TestClientValidateDomain(t *testing.T) {
 	defer server.Close()
 	config := &Config{APIID: "foo", APIKey: "bar", BaseURLAPI: server.URL}
 	client := &Client{config: config, httpClient: &http.Client{}}
-	deleteSiteCertificateResponse, diag := client.DeleteRequestSiteCertificate(123)
+	deleteSiteCertificateResponse, diag := client.DeleteRequestSiteCertificate(123, nil)
 	if diag != nil || diag.HasError() {
 		t.Errorf("Should not received an error")
 	}

diff --git a/incapsula/data_source_ssl_instructions.go b/incapsula/data_source_ssl_instructions.go
@@ -4,11 +4,12 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"strconv"
+	"time"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"golang.org/x/exp/slices"
-	"strconv"
-	"time"
 )
 
 func dataSourceSSLInstructions() *schema.Resource {
@@ -94,7 +95,7 @@ func waitForInstructions(client *Client, siteId int) diag.Diagnostics {
 	}
 	if siteDomainDetailsDto.Data != nil && len(siteDomainDetailsDto.Data) > 0 {
 		for i := 0; i < 20; i++ {
-			siteCertificateV3Response, _ := client.GetSiteCertificateRequestStatus(siteId)
+			siteCertificateV3Response, _ := client.GetSiteCertificateRequestStatus(siteId, nil)
 			b := siteCertificateV3Response != nil && siteCertificateV3Response.Data != nil && len(siteCertificateV3Response.Data) > 0
 			b = b && siteCertificateV3Response.Data[0].CertificatesDetails != nil && validateSans(siteCertificateV3Response.Data[0], siteDomainDetailsDto.Data)
 			if b {

diff --git a/incapsula/resource_domains_validation.go b/incapsula/resource_domains_validation.go
@@ -2,11 +2,12 @@ package incapsula
 
 import (
 	"context"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"log"
 	"strconv"
 	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
 func resourceDomainsValidation() *schema.Resource {
@@ -61,7 +62,7 @@ func resourceSSLValidationAdd(ctx context.Context, d *schema.ResourceData, m int
 		index++
 	}
 	for i := 0; i < 50; i++ {
-		siteCertificateV3Response, _ := client.GetSiteCertificateRequestStatus(siteId)
+		siteCertificateV3Response, _ := client.GetSiteCertificateRequestStatus(siteId, nil)
 		b := siteCertificateV3Response != nil && siteCertificateV3Response.Data != nil && len(siteCertificateV3Response.Data) > 0
 		b = b && siteCertificateV3Response.Data[0].CertificatesDetails != nil && len(siteCertificateV3Response.Data[0].CertificatesDetails) > 0
 		b = b && siteCertificateV3Response.Data[0].CertificatesDetails[0].Sans != nil && len(siteCertificateV3Response.Data[0].CertificatesDetails[0].Sans) == len(domainIds)