[minor_change] Add aci_certificate_authority and aci_key_ring resourc…

…es and data sources (#1145)

.github/workflows/checks.yml

@@ -90,7 +90,7 @@ jobs:
           go-version-file: 'go.mod'
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: '1.7.*'
+          terraform_version: '1.9.*'
           terraform_wrapper: false
       - name: Terraform Acceptance Test (APIC ${{ matrix.apic_host.name }})
         run: go test github.com/CiscoDevNet/terraform-provider-aci/v2/internal/provider -v -race -timeout 300m -coverprofile=coverage.out -covermode=atomic

docs/data-sources/application_epg.md

@@ -127,7 +127,6 @@ data "aci_application_epg" "example_application_profile" {
   * `switching_mode` (switchingMode) - (string) The switching mode of the Relation To Domain object.
   * `target_dn` (tDn) - (string) The distinguished name of the target Domain object.
   * `untagged` (untagged) - (string) The untagged status of the Relation To Domain object.
-  * `vnet_only` (vnetOnly) - (string) The VNET only status of the Relation To Domain object.
 
 * `relation_to_data_plane_policing_policy` - (map) A map of Relation To Data Plane Policing Policy (ACI object [fvRsDppPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/fvRsDppPol/overview)) pointing to Data Plane Policing Policy (ACI Object [qosDppPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/qosDppPol/overview)). This attribute is supported in ACI versions: 3.0(1k) and later.
   * `annotation` (annotation) - (string) The annotation of the Relation To Data Plane Policing Policy object.

docs/data-sources/certificate_authority.md

@@ -0,0 +1,77 @@
+---
+# Documentation generated by "gen/generator.go"; DO NOT EDIT.
+# In order to regenerate this file execute `go generate` from the repository root.
+# More details can be found in the [README](https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/README.md).
+subcategory: "AAA"
+layout: "aci"
+page_title: "ACI: aci_certificate_authority"
+sidebar_current: "docs-aci-data-source-aci_certificate_authority"
+description: |-
+  Data source for ACI Certificate Authority
+---
+
+# aci_certificate_authority #
+
+Data source for ACI Certificate Authority
+
+## API Information ##
+
+* Class: [pkiTP](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/pkiTP/overview)
+
+* Supported in ACI versions: 1.0(1e) and later.
+
+* Distinguished Name Formats:
+  - `uni/tn-{name}/certstore/tp-{name}`
+  - `uni/userext/pkiext/tp-{name}`
+
+## GUI Information ##
+
+* Locations:
+  - `Admin -> AAA -> Security -> Certificate Authorities`
+  - `Cloud Network Controller -> Administrative -> Security -> Certificate Authorities`
+
+## Example Usage ##
+
+```hcl
+
+data "aci_certificate_authority" "example" {
+  name = "test_name"
+}
+
+// This example is only applicable to Cisco Cloud Network Controller
+data "aci_certificate_authority" "example_tenant" {
+  parent_dn = aci_tenant.example.id
+  name      = "test_name"
+}
+
+```
+
+## Schema ##
+
+### Required ###
+
+* `name` (name) - (string) The name of the Certificate Authority object.
+
+### Optional ###
+
+* `parent_dn` - (string) The distinguished name (DN) of the parent object, possible resources:
+  - [aci_tenant](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/fvTenant) ([fvTenant](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/fvTenant/overview))
+  - Default: `uni/userext/pkiext`
+
+### Read-Only ###
+
+* `id` - (string) The distinguished name (DN) of the Certificate Authority object.
+* `annotation` (annotation) - (string) The annotation of the Certificate Authority object.
+* `certificate_chain` (certChain) - (string) The PEM-encoded chain of trust from the trustpoint to a trusted root authority.
+* `description` (descr) - (string) The description of the Certificate Authority object.
+* `name_alias` (nameAlias) - (string) The name alias of the Certificate Authority object.
+* `owner_key` (ownerKey) - (string) The key for enabling clients to own their data for entity correlation.
+* `owner_tag` (ownerTag) - (string) A tag for enabling clients to add their own data. For example, to indicate who created this object.
+
+* `annotations` - (list) A list of Annotations (ACI object [tagAnnotation](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagAnnotation/overview)). This attribute is supported in ACI versions: 3.2(1l) and later.
+  * `key` (key) - (string) The key used to uniquely identify this configuration object.
+  * `value` (value) - (string) The value of the property.
+
+* `tags` - (list) A list of Tags (ACI object [tagTag](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagTag/overview)). This attribute is supported in ACI versions: 3.2(1l) and later.
+  * `key` (key) - (string) The key used to uniquely identify this configuration object.
+  * `value` (value) - (string) The value of the property.

docs/data-sources/key_ring.md

@@ -0,0 +1,84 @@
+---
+# Documentation generated by "gen/generator.go"; DO NOT EDIT.
+# In order to regenerate this file execute `go generate` from the repository root.
+# More details can be found in the [README](https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/README.md).
+subcategory: "AAA"
+layout: "aci"
+page_title: "ACI: aci_key_ring"
+sidebar_current: "docs-aci-data-source-aci_key_ring"
+description: |-
+  Data source for ACI Key Ring
+---
+
+# aci_key_ring #
+
+Data source for ACI Key Ring
+
+## API Information ##
+
+* Class: [pkiKeyRing](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/pkiKeyRing/overview)
+
+* Supported in ACI versions: 1.0(1e) and later.
+
+* Distinguished Name Formats:
+  - `uni/tn-{name}/certstore/keyring-{name}`
+  - `uni/userext/pkiext/keyring-{name}`
+
+## GUI Information ##
+
+* Locations:
+  - `Admin -> AAA -> Security -> Key Rings`
+  - `Cloud Network Controller -> Administrative -> Security -> Key Rings`
+
+## Example Usage ##
+
+```hcl
+
+data "aci_key_ring" "example" {
+  name = "test_name"
+}
+
+// This example is only applicable to Cisco Cloud Network Controller
+data "aci_key_ring" "example_tenant" {
+  parent_dn = aci_tenant.example.id
+  name      = "test_name"
+}
+
+```
+
+## Schema ##
+
+### Required ###
+
+* `name` (name) - (string) The name of the Key Ring object.
+
+### Optional ###
+
+* `parent_dn` - (string) The distinguished name (DN) of the parent object, possible resources:
+  - [aci_tenant](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/fvTenant) ([fvTenant](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/fvTenant/overview))
+  - Default: `uni/userext/pkiext`
+
+### Read-Only ###
+
+* `id` - (string) The distinguished name (DN) of the Key Ring object.
+* `admin_state` (adminState) - (string) The current administrative state of the certificate request process.
+* `annotation` (annotation) - (string) The annotation of the Key Ring object.
+* `certificate` (cert) - (string) A certificate contains a device's public key along with signed information verifying the identity of the device.
+* `description` (descr) - (string) The description of the Key Ring object.
+* `elliptic_curve` (eccCurve) - (string) The elliptic curve used by the provided key.
+* `key` (key) - (string) The private key of the certificate. This sensitive value is excluded from the resource's lifecycle configuration and is not tracked by Terraform.
+* `key_type` (keyType) - (string) The type used by the provided key.
+* `modulus` (modulus) - (string) The length of the encryption keys. A longer key length increases the difficulty of breaking the key.
+* `name_alias` (nameAlias) - (string) The name alias of the Key Ring object.
+* `owner_key` (ownerKey) - (string) The key for enabling clients to own their data for entity correlation.
+* `owner_tag` (ownerTag) - (string) A tag for enabling clients to add their own data. For example, to indicate who created this object.
+* `regenerate` (regen) - (string) Forces regeneration of the keypair. Each PKI device holds a pair of asymmetric Rivest-Shamir-Adleman (RSA) or Elliptic Curve Cryptography (ECC) encryption keys, one kept private and one made public, stored in an internal key ring.
+* `certificate_authority` (tp) - (string) The certificate of the Certificate Authority (CA) that issued the certificate provided in the 'certificate' attribute. The CA can be a root CA, an intermediate CA, or a trust anchor in a chain of trust leading to a root CA.
+
+* `annotations` - (list) A list of Annotations (ACI object [tagAnnotation](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagAnnotation/overview)). This attribute is supported in ACI versions: 3.2(1l) and later.
+  * `key` (key) - (string) The key used to uniquely identify this configuration object.
+  * `value` (value) - (string) The value of the property.
+
+* `tags` - (list) A list of Tags (ACI object [tagTag](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagTag/overview)). This attribute is supported in ACI versions: 3.2(1l) and later.
+  * `key` (key) - (string) The key used to uniquely identify this configuration object.
+  * `value` (value) - (string) The value of the property.

docs/data-sources/relation_to_domain.md

@@ -72,7 +72,6 @@ data "aci_relation_to_domain" "example_application_epg" {
 * `secondary_encapsulation_inner` (secondaryEncapInner) - (string) The secondary inner encapsulation of the Relation To Domain object. This is used for the portgroup at the VMWare Distributed Virtual Switch (DVS). This VLAN is internal to the DVS and is used for communication between the other VMs and the AVE VM at a host. Traffic is not forwarded to the fabric over the VLAN. Only applicable for Cisco ACI Virtual Edge (AVE) domains.
 * `switching_mode` (switchingMode) - (string) The switching mode of the Relation To Domain object.
 * `untagged` (untagged) - (string) The untagged status of the Relation To Domain object.
-* `vnet_only` (vnetOnly) - (string) The VNET only status of the Relation To Domain object.
 
 * `annotations` - (list) A list of Annotations (ACI object [tagAnnotation](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagAnnotation/overview)). This attribute is supported in ACI versions: 3.2(1l) and later.
   * `key` (key) - (string) The key used to uniquely identify this configuration object.

docs/resources/application_epg.md

@@ -126,7 +126,6 @@ resource "aci_application_epg" "full_example_application_profile" {
       switching_mode                = "AVE"
       target_dn                     = "uni/vmmp-VMware/dom-domain_1"
       untagged                      = "no"
-      vnet_only                     = "no"
     }
   ]
   relation_to_data_plane_policing_policy = {
@@ -398,9 +397,6 @@ All examples for the Application EPG resource can be found in the [examples](htt
   * `untagged` (untagged) - (string) The untagged status of the Relation To Domain object.
       - Default: `no`
       - Valid Values: `no`, `yes`.
-  * `vnet_only` (vnetOnly) - (string) The VNET only status of the Relation To Domain object.
-      - Default: `no`
-      - Valid Values: `no`, `yes`.
 
 * `relation_to_data_plane_policing_policy` - (map) A map of Relation To Data Plane Policing Policy (ACI object [fvRsDppPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/fvRsDppPol/overview)) pointing to Data Plane Policing Policy (ACI Object [qosDppPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/qosDppPol/overview)) which can be configured using the [aci_data_plane_policing_policy](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/data_plane_policing_policy) resource. This attribute is supported in ACI versions: 3.0(1k) and later.