
Commit a456bd0

committed
feat: support acme ssl certificates
1 parent d9dfe6e commit a456bd0


4 files changed

+86
-37
lines changed


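--- a/routeros/mikrotik_client.go
+++ b/routeros/mikrotik_client.go
@@ -32,6 +32,7 @@ const (
 crudUpdate
 crudDelete
 crudPost
+crudEnableSslCertificate
 crudImport
 crudSign
 crudSignViaScep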

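--- a/routeros/mikrotik_client_api.go
+++ b/routeros/mikrotik_client_api.go
@@ -21,20 +21,21 @@ type ApiClient struct {
 
 var (
 apiMethodName = map[crudMethod]string{
-crudCreate: "/add",
-crudRead: "/print",
-crudUpdate: "/set",
-crudDelete: "/remove",
-crudPost: "/set",
-crudImport: "/import",
-crudSign: "/sign",
-crudSignViaScep: "/add-scep",
-crudRemove: "/remove",
-crudRevoke: "/issued-revoke",
-crudMove: "/move",
-crudStart: "/start",
-crudStop: "/stop",
-crudGenerateKey: "/generate-key",
+crudCreate: "/add",
+crudRead: "/print",
+crudUpdate: "/set",
+crudDelete: "/remove",
+crudPost: "/set",
+crudEnableSslCertificate: "/enable-ssl-certificate",
+crudImport: "/import",
+crudSign: "/sign",
+crudSignViaScep: "/add-scep",
+crudRemove: "/remove",
+crudRevoke: "/issued-revoke",
+crudMove: "/move",
+crudStart: "/start",
+crudStop: "/stop",
+crudGenerateKey: "/generate-key",
 }
 )
 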

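--- a/routeros/mikrotik_client_rest.go
+++ b/routeros/mikrotik_client_rest.go
@@ -29,20 +29,21 @@ type errorResponse struct {
 
 var (
 restMethodName = map[crudMethod]string{
-crudCreate: "PUT",
-crudRead: "GET",
-crudUpdate: "PATCH",
-crudDelete: "DELETE",
-crudPost: "POST",
-crudImport: "POST",
-crudSign: "POST",
-crudSignViaScep: "POST",
-crudRemove: "POST",
-crudRevoke: "POST",
-crudMove: "POST",
-crudStart: "POST",
-crudStop: "POST",
-crudGenerateKey: "POST",
+crudCreate: "PUT",
+crudRead: "GET",
+crudUpdate: "PATCH",
+crudDelete: "DELETE",
+crudPost: "POST",
+crudEnableSslCertificate: "POST",
+crudImport: "POST",
+crudSign: "POST",
+crudSignViaScep: "POST",
+crudRemove: "POST",
+crudRevoke: "POST",
+crudMove: "POST",
+crudStart: "POST",
+crudStop: "POST",
+crudGenerateKey: "POST",
 }
 )
 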

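--- a/routeros/resource_system_certificate.go
+++ b/routeros/resource_system_certificate.go
@@ -40,8 +40,36 @@ func ResourceSystemCertificate() *schema.Resource {
 resSchema := map[string]*schema.Schema{
 MetaResourcePath: PropResourcePath("/certificate"),
 MetaId: PropId(Id),
-MetaSkipFields: PropSkipFields("import", "sign", "sign_via_scep"),
+MetaSkipFields: PropSkipFields("acme_ssl_certificate", "import", "sign", "sign_via_scep"),
 
+"acme_ssl_certificate": {
+Type: schema.TypeSet,
+Optional: true,
+Description: "Enable SSL certificate. This will generate a new certificate using ACME protocol.",
+ConflictsWith: []string{"import", "sign", "sign_via_scep"},
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"directory_url": {
+Type: schema.TypeString,
+Optional: true,
+Description: "ACME directory url.",
+DiffSuppressFunc: AlwaysPresentNotUserProvided,
+},
+"eab_hmac_key": {
+Type: schema.TypeString,
+Optional: true,
+Description: "HMAC key for ACME External Account Binding (optional).",
+DiffSuppressFunc: AlwaysPresentNotUserProvided,
+},
+"eab_kid": {
+Type: schema.TypeString,
+Optional: true,
+Description: "Key identifier.",
+DiffSuppressFunc: AlwaysPresentNotUserProvided,
+},
+},
+},
+},
 "authority": {
 Type: schema.TypeString,
 Computed: true,
@@ -126,7 +154,7 @@ func ResourceSystemCertificate() *schema.Resource {
 Type: schema.TypeSet,
 Optional: true,
 ForceNew: true,
-ConflictsWith: []string{"sign", "sign_via_scep"},
+ConflictsWith: []string{"acme_ssl_certificate", "sign", "sign_via_scep"},
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "cert_file_name": {
@@ -249,7 +277,7 @@ func ResourceSystemCertificate() *schema.Resource {
 Type: schema.TypeSet,
 Optional: true,
 ForceNew: true,
-ConflictsWith: []string{"sign_via_scep"},
+ConflictsWith: []string{"acme_ssl_certificate", "sign_via_scep"},
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "ca": {
@@ -282,7 +310,7 @@ func ResourceSystemCertificate() *schema.Resource {
 Type: schema.TypeSet,
 Optional: true,
 ForceNew: true,
-ConflictsWith: []string{"sign"},
+ConflictsWith: []string{"acme_ssl_certificate", "sign"},
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "scep_url": {
@@ -426,11 +454,13 @@ func ResourceSystemCertificate() *schema.Resource {
 var command string // MikroTik command to sign certificate
 var ok bool
 
-if _, ok = d.GetOk("import"); !ok {
-// Run DefaultCreate.
-diags = ResourceCreate(ctx, resSchema, d, m)
-if diags.HasError() {
-return diags
+if _, ok = d.GetOk("acme_ssl_certificate"); !ok {
+if _, ok = d.GetOk("import"); !ok {
+// Run DefaultCreate.
+diags = ResourceCreate(ctx, resSchema, d, m)
+if diags.HasError() {
+return diags
+}
 }
 }
 
@@ -447,6 +477,11 @@ func ResourceSystemCertificate() *schema.Resource {
 crudMethod = crudSignViaScep
 // https://router/rest/certificate/add-scep
 command = "/add-scep"
+} else if cmdBlock, ok = d.GetOk("acme_ssl_certificate"); ok {
+params = MikrotikItem{"dns-name": d.Get("common_name").(string)}
+crudMethod = crudEnableSslCertificate
+// https://router/rest/certificate/enable-ssl-certificate
+command = "/enable-ssl-certificate"
 } else if cmdBlock, ok = d.GetOk("import"); ok {
 return certImport(ctx, cmdBlock, d, m)
 } else {
@@ -481,6 +516,17 @@ func ResourceSystemCertificate() *schema.Resource {
 return diag.FromErr(err)
 }
 
+if command == "/enable-ssl-certificate" {
+d.SetId(d.Get("name").(string))
+id, err := dynamicIdLookup(Name, resSchema[MetaResourcePath].Default.(string), m.(Client), d)
+
+if err != nil {
+return diag.FromErr(err)
+}
+
+d.SetId(id)
+}
+
 return ResourceRead(ctx, resSchema, d, m)
 }
 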
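Review bot: The new `eab_hmac_key` attribute in the `acme_ssl_certificate` block holds the ACME External Account Binding secret but is declared without `Sensitive: true,`, so its value will appear in plan and apply output; add that field to its schema entry. The value is still written to Terraform state in clear text, so the `Description` should say that the state backend must be access-controlled. Separately, the block omits the `ForceNew: true,` that the sibling `import`, `sign` and `sign_via_scep` blocks carry, and all three of its fields use `DiffSuppressFunc: AlwaysPresentNotUserProvided`, so changing the directory URL or rotating the EAB credentials presumably does not trigger re-issuance; please confirm that is intended. ResourceSystemCertificate's body starts and ends outside these hunks, so how `cmdBlock` is forwarded to the router is not visible here.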
