Add consul_certificate_authority

consul/resource_consul_certificate_authority.go

@@ -0,0 +1,70 @@
+package consul
+
+import (
+	"fmt"
+
+	consulapi "github.com/hashicorp/consul/api"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceConsulCertificateAuthority() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceConsulCertificateAuthorityCreate,
+		Read:   resourceConsulCertificateAuthorityRead,
+		Delete: schema.RemoveFromState,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"connect_provider": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"config": {
+				Type:     schema.TypeMap,
+				Required: true,
+				ForceNew: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func resourceConsulCertificateAuthorityCreate(d *schema.ResourceData, meta interface{}) error {
+	client := getClient(meta).Connect()
+
+	caConfig := &consulapi.CAConfig{
+		Provider: d.Get("connect_provider").(string),
+		Config:   d.Get("config").(map[string]interface{}),
+	}
+
+	if _, err := client.CASetConfig(caConfig, nil); err != nil {
+		return fmt.Errorf("Failed to set CA configuration: %v", err)
+	}
+
+	d.SetId("consul-ca")
+
+	return resourceConsulCertificateAuthorityRead(d, meta)
+}
+
+func resourceConsulCertificateAuthorityRead(d *schema.ResourceData, meta interface{}) error {
+	client := getClient(meta).Connect()
+
+	conf, _, err := client.CAGetConfig(nil)
+	if err != nil {
+		return fmt.Errorf("Failed to get CA configuration: %v", err)
+	}
+
+	if err = d.Set("connect_provider", conf.Provider); err != nil {
+		return fmt.Errorf("Failed to set 'connect_provider': %v", err)
+	}
+
+	if err = d.Set("config", conf.Config); err != nil {
+		return fmt.Errorf("Failed to set 'config': %v", err)
+	}
+
+	return nil
+}

consul/resource_consul_certificate_authority_test.go

@@ -0,0 +1,44 @@
+package consul
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccConsulCertificateAuthority(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConsulCertificateAuthorityConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("consul_certificate_authority.test", "connect_provider", "consul"),
+					resource.TestCheckResourceAttr("consul_certificate_authority.test", "config.%", "3"),
+					resource.TestCheckResourceAttr("consul_certificate_authority.test", "config.LeafCertTTL", "72h"),
+					resource.TestCheckResourceAttr("consul_certificate_authority.test", "config.RotationPeriod", "1234h"),
+					resource.TestCheckResourceAttr("consul_certificate_authority.test", "config.IntermediateCertTTL", "5678h"),
+				),
+			},
+			{
+				Config:            testAccConsulCertificateAuthorityConfig,
+				ResourceName:      "consul_certificate_authority.test",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+const testAccConsulCertificateAuthorityConfig = `
+resource "consul_certificate_authority" "test" {
+	connect_provider = "consul"
+
+	config = {
+		LeafCertTTL         = "72h"
+		RotationPeriod      = "1234h"
+		IntermediateCertTTL = "5678h"
+	}
+}
+`

consul/resource_provider.go

@@ -122,6 +122,7 @@ func Provider() terraform.ResourceProvider {
 			"consul_acl_token_policy_attachment": resourceConsulACLTokenPolicyAttachment(),
 			"consul_agent_service":               resourceConsulAgentService(),
 			"consul_catalog_entry":               resourceConsulCatalogEntry(),
+			"consul_certificate_authority":       resourceConsulCertificateAuthority(),
 			"consul_config_entry":                resourceConsulConfigEntry(),
 			"consul_keys":                        resourceConsulKeys(),
 			"consul_key_prefix":                  resourceConsulKeyPrefix(),

go.mod

@@ -1,11 +1,16 @@
 module github.com/terraform-providers/terraform-provider-consul
 
 require (
-	github.com/hashicorp/consul/api v1.4.0
+	github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 // indirect
+	github.com/aws/aws-sdk-go v1.22.0 // indirect
+	github.com/hashicorp/consul/api v1.5.0
 	github.com/hashicorp/errwrap v1.0.0
-	github.com/hashicorp/terraform v0.12.9 // indirect
+	github.com/hashicorp/go-msgpack v0.5.4 // indirect
+	github.com/hashicorp/hcl v0.0.0-20180906183839-65a6292f0157 // indirect
 	github.com/hashicorp/terraform-plugin-sdk v1.0.0
+	github.com/keybase/go-crypto v0.0.0-20180614160407-5114a9a81e1b // indirect
 	github.com/mitchellh/mapstructure v1.1.2
+	github.com/vmihailenco/msgpack v4.0.1+incompatible // indirect
 )
 
 replace github.com/hashicorp/consul => github.com/hashicorp/consul v1.5.0