
Commit 7616856

committed
feat: support acme ssl certificates
1 parent d9dfe6e commit 7616856


4 files changed

+87
-37
lines changed


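--- a/routeros/mikrotik_client.go
+++ b/routeros/mikrotik_client.go
@@ -32,6 +32,7 @@ const (
 crudUpdate
 crudDelete
 crudPost
+crudEnableSslCertificate
 crudImport
 crudSign
 crudSignViaScep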

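--- a/routeros/mikrotik_client_api.go
+++ b/routeros/mikrotik_client_api.go
@@ -21,20 +21,21 @@ type ApiClient struct {
 
 var (
 apiMethodName = map[crudMethod]string{
-crudCreate: "/add",
-crudRead: "/print",
-crudUpdate: "/set",
-crudDelete: "/remove",
-crudPost: "/set",
-crudImport: "/import",
-crudSign: "/sign",
-crudSignViaScep: "/add-scep",
-crudRemove: "/remove",
-crudRevoke: "/issued-revoke",
-crudMove: "/move",
-crudStart: "/start",
-crudStop: "/stop",
-crudGenerateKey: "/generate-key",
+crudCreate: "/add",
+crudRead: "/print",
+crudUpdate: "/set",
+crudDelete: "/remove",
+crudPost: "/set",
+crudEnableSslCertificate: "/enable-ssl-certificate",
+crudImport: "/import",
+crudSign: "/sign",
+crudSignViaScep: "/add-scep",
+crudRemove: "/remove",
+crudRevoke: "/issued-revoke",
+crudMove: "/move",
+crudStart: "/start",
+crudStop: "/stop",
+crudGenerateKey: "/generate-key",
 }
 )
 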

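--- a/routeros/mikrotik_client_rest.go
+++ b/routeros/mikrotik_client_rest.go
@@ -29,20 +29,21 @@ type errorResponse struct {
 
 var (
 restMethodName = map[crudMethod]string{
-crudCreate: "PUT",
-crudRead: "GET",
-crudUpdate: "PATCH",
-crudDelete: "DELETE",
-crudPost: "POST",
-crudImport: "POST",
-crudSign: "POST",
-crudSignViaScep: "POST",
-crudRemove: "POST",
-crudRevoke: "POST",
-crudMove: "POST",
-crudStart: "POST",
-crudStop: "POST",
-crudGenerateKey: "POST",
+crudCreate: "PUT",
+crudRead: "GET",
+crudUpdate: "PATCH",
+crudDelete: "DELETE",
+crudPost: "POST",
+crudEnableSslCertificate: "POST",
+crudImport: "POST",
+crudSign: "POST",
+crudSignViaScep: "POST",
+crudRemove: "POST",
+crudRevoke: "POST",
+crudMove: "POST",
+crudStart: "POST",
+crudStop: "POST",
+crudGenerateKey: "POST",
 }
 )
 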

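--- a/routeros/resource_system_certificate.go
+++ b/routeros/resource_system_certificate.go
@@ -40,8 +40,37 @@ func ResourceSystemCertificate() *schema.Resource {
 resSchema := map[string]*schema.Schema{
 MetaResourcePath: PropResourcePath("/certificate"),
 MetaId: PropId(Id),
-MetaSkipFields: PropSkipFields("import", "sign", "sign_via_scep"),
+MetaSkipFields: PropSkipFields("acme_ssl_certificate", "import", "sign", "sign_via_scep"),
 
+"acme_ssl_certificate": {
+Type: schema.TypeSet,
+Optional: true,
+ForceNew: true,
+Description: "Enable SSL certificate. This will generate a new certificate using ACME protocol.",
+ConflictsWith: []string{"import", "sign", "sign_via_scep"},
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"directory_url": {
+Type: schema.TypeString,
+Optional: true,
+Description: "ACME directory url.",
+DiffSuppressFunc: AlwaysPresentNotUserProvided,
+},
+"eab_hmac_key": {
+Type: schema.TypeString,
+Optional: true,
+Description: "HMAC key for ACME External Account Binding (optional).",
+DiffSuppressFunc: AlwaysPresentNotUserProvided,
+},
+"eab_kid": {
+Type: schema.TypeString,
+Optional: true,
+Description: "Key identifier.",
+DiffSuppressFunc: AlwaysPresentNotUserProvided,
+},
+},
+},
+},
 "authority": {
 Type: schema.TypeString,
 Computed: true,
@@ -126,7 +155,7 @@ func ResourceSystemCertificate() *schema.Resource {
 Type: schema.TypeSet,
 Optional: true,
 ForceNew: true,
-ConflictsWith: []string{"sign", "sign_via_scep"},
+ConflictsWith: []string{"acme_ssl_certificate", "sign", "sign_via_scep"},
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "cert_file_name": {
@@ -249,7 +278,7 @@ func ResourceSystemCertificate() *schema.Resource {
 Type: schema.TypeSet,
 Optional: true,
 ForceNew: true,
-ConflictsWith: []string{"sign_via_scep"},
+ConflictsWith: []string{"acme_ssl_certificate", "sign_via_scep"},
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "ca": {
@@ -282,7 +311,7 @@ func ResourceSystemCertificate() *schema.Resource {
 Type: schema.TypeSet,
 Optional: true,
 ForceNew: true,
-ConflictsWith: []string{"sign"},
+ConflictsWith: []string{"acme_ssl_certificate", "sign"},
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "scep_url": {
@@ -426,11 +455,13 @@ func ResourceSystemCertificate() *schema.Resource {
 var command string // MikroTik command to sign certificate
 var ok bool
 
-if _, ok = d.GetOk("import"); !ok {
-// Run DefaultCreate.
-diags = ResourceCreate(ctx, resSchema, d, m)
-if diags.HasError() {
-return diags
+if _, ok = d.GetOk("acme_ssl_certificate"); !ok {
+if _, ok = d.GetOk("import"); !ok {
+// Run DefaultCreate.
+diags = ResourceCreate(ctx, resSchema, d, m)
+if diags.HasError() {
+return diags
+}
 }
 }
 
@@ -447,6 +478,11 @@ func ResourceSystemCertificate() *schema.Resource {
 crudMethod = crudSignViaScep
 // https://router/rest/certificate/add-scep
 command = "/add-scep"
+} else if cmdBlock, ok = d.GetOk("acme_ssl_certificate"); ok {
+params = MikrotikItem{"dns-name": d.Get("common_name").(string)}
+crudMethod = crudEnableSslCertificate
+// https://router/rest/certificate/enable-ssl-certificate
+command = "/enable-ssl-certificate"
 } else if cmdBlock, ok = d.GetOk("import"); ok {
 return certImport(ctx, cmdBlock, d, m)
 } else {
@@ -481,6 +517,17 @@ func ResourceSystemCertificate() *schema.Resource {
 return diag.FromErr(err)
 }
 
+if command == "/enable-ssl-certificate" {
+d.SetId(d.Get("name").(string))
+id, err := dynamicIdLookup(Name, resSchema[MetaResourcePath].Default.(string), m.(Client), d)
+
+if err != nil {
+return diag.FromErr(err)
+}
+
+d.SetId(id)
+}
+
 return ResourceRead(ctx, resSchema, d, m)
 }
 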
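Review bot: `eab_hmac_key` in the new `acme_ssl_certificate` block carries the External Account Binding secret but is declared without `Sensitive: true`, so Terraform will print its value in plan and apply output. Adding `Sensitive: true,` to that field masks it in the CLI; the value is still written to state in plaintext, which the field's `Description` should state so operators protect the state backend accordingly. In the same block `directory_url` is accepted without validation; a check such as `ValidateFunc: validation.IsURLWithHTTPS` (assuming the SDK `validation` helper is available to this file) would reject a plain-HTTP directory before it reaches the router. The body of `ResourceSystemCertificate` extends beyond the hunks shown, so how the nested block's values are copied into `params` cannot be checked from here.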
