Skip to content

feat: add custom certificate #983

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

feat: add custom certificate #983

wants to merge 16 commits into from

Conversation

matheuspolitano
Copy link
Contributor

@matheuspolitano matheuspolitano commented Sep 4, 2025
edited
Loading

Description

https://jira.schwarz/browse/STACKITCDN-1000

Implement Certificate to CDN custom domain

relates to #1234

Checklist

  • Issue was linked above
  • Code format was applied: make fmt
  • Examples were added / adjusted (see examples/ directory)
  • Docs are up-to-date: make generate-docs (will be checked by CI)
  • Unit tests got implemented or updated
  • Acceptance tests got implemented or updated (see e.g. here)
  • Unit tests are passing: make test (will be checked by CI)
  • No linter issues: make lint (will be checked by CI)

@matheuspolitano matheuspolitano requested a review from a team as a code owner September 4, 2025 18:55
@matheuspolitano matheuspolitano changed the title add custom certificate feat: add custom certificate Sep 5, 2025
marceljk
marceljk reviewed Sep 9, 2025
View reviewed changes
marceljk
marceljk reviewed Sep 9, 2025
View reviewed changes
marceljk
marceljk reviewed Sep 11, 2025
View reviewed changes
stackit/internal/services/cdn/customdomain/resource.go
// Update shouldn't be called; custom domains have only computed fields and fields that require replacement when changed
core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating CDN custom domain", "Custom domain cannot be updated")
func (r *customDomainResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { // nolint:gocritic // function signature required by Terraform
var plan CustomDomainModel
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only a nitpick, but could rename plan to model.

Suggested change
var plan CustomDomainModel
var model CustomDomainModel

stackit/internal/services/cdn/cdn_acc_test.go
@@ -51,7 +57,7 @@ func configResources(regions string) string {
resource "stackit_dns_zone" "dns_zone" {
project_id = "%s"
name = "cdn_acc_test_zone"
dns_name = "cdntestzone.stackit.gg"
dns_name = "cdntest-zone.stackit.gg"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I run the acc tests, I get an error that this dns_name is already used. To avoid collisions, this should be (partly) a random name. You can create a var, which stores the dns name for the acc test run and reuse it everywhere. e.g.:

var dnsName = fmt.Sprintf("tf-acc-%s.stackit.gg", acctest.RandStringFromCharSet(5, acctest.CharSetAlpha))

stackit/internal/services/cdn/cdn_acc_test.go Outdated
Comment on lines 271 to 277
// Check if the credentials not update
{
Config: configDatasources(instanceResource["config_regions"], string(cert), string(key)),
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr("data.stackit_cdn_custom_domain.custom_domain", "certificate.version", "1"),
),
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This step isn't needed and can be removed, because you already checked this a few lines above. Also the datasource can't perform an update, only the resource can do it. You can change the step to use configCustomDomainResources if you want, but this step is not necessary

stackit/internal/services/cdn/customdomain/datasource.go Outdated
Comment on lines 98 to 103
Optional: true,
Sensitive: true,
},
"private_key": schema.StringAttribute{
Description: certificateSchemaDescriptions["private_key"],
Optional: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both values should be changed to computed, since they don't need to be set for a read and it doesn't change everything.

Suggested change
Optional: true,
Sensitive: true,
},
"private_key": schema.StringAttribute{
Description: certificateSchemaDescriptions["private_key"],
Optional: true,
Computed: true,
Sensitive: true,
},
"private_key": schema.StringAttribute{
Description: certificateSchemaDescriptions["private_key"],
Computed: true,

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I think they both attributes can be removed, because they can't be read from the API and will always stay empty. This will probably require some adjustments, because then the datasource and resource can't share a model and the map function

stackit/internal/services/cdn/customdomain/resource.go Outdated
Comment on lines 483 to 487
certificateObj, conversionDiags := types.ObjectValue(certificateTypes, certAttributes)
diags.Append(conversionDiags...)
if diags.HasError() {
return core.DiagsToError(diags)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick

Suggested change
certificateObj, conversionDiags := types.ObjectValue(certificateTypes, certAttributes)
diags.Append(conversionDiags...)
if diags.HasError() {
return core.DiagsToError(diags)
}
certificateObj, diags := types.ObjectValue(certificateTypes, certAttributes)
if diags.HasError() {
return fmt.Errorf("failed to map certificate: %w", core.DiagsToError(diags))
}

stackit/internal/services/cdn/customdomain/resource.go Outdated
if err != nil {
return fmt.Errorf("Certificate error in normalizer: %w", err)
}
var diags diag.Diagnostics
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be removed when applying the previous change

Suggested change
var diags diag.Diagnostics

stackit/internal/services/cdn/customdomain/resource.go Outdated
Comment on lines 406 to 410
var certModel struct {
Certificate types.String `tfsdk:"certificate"`
PrivateKey types.String `tfsdk:"private_key"`
Version types.Int64 `tfsdk:"version"`
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be stored in a separate type and reuse it here.

Add this at the top of this file, next to CustomDomainModel

type CertificateModel struct {
	Certificate types.String `tfsdk:"certificate"`
	PrivateKey  types.String `tfsdk:"private_key"`
	Version     types.Int64  `tfsdk:"version"`
}

and then you can use it here

Suggested change
var certModel struct {
Certificate types.String `tfsdk:"certificate"`
PrivateKey types.String `tfsdk:"private_key"`
Version types.Int64 `tfsdk:"version"`
}
var certModel CertificateModel

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marceljk marceljk marceljk left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@marceljk marceljk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matheuspolitano @marceljk