From 8f264a8959b6d3a2873a59852492bc99ea54a9e1 Mon Sep 17 00:00:00 2001
From: Tom Bamford
Date: Wed, 18 Jan 2023 23:07:22 +0000
Subject: [PATCH] Apply suggestions from code review
---
 .../service_principal_token_signing_certificate.md | 4 ++--
 ..._principal_token_signing_certificate_resource.go | 13 ++++++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/docs/resources/service_principal_token_signing_certificate.md b/docs/resources/service_principal_token_signing_certificate.md
index fcabf02ef9..8453ef646d 100644
--- a/docs/resources/service_principal_token_signing_certificate.md
+++ b/docs/resources/service_principal_token_signing_certificate.md
@@ -73,7 +73,7 @@ In addition to all arguments above, the following attributes are exported:
 * `start_date` - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).
-* `value` - The certificate data, which is pem encoded but does not include the
+* `value` - The certificate data, which is PEM encoded but does not include the
 header `-----BEGIN CERTIFICATE-----\n` or the footer `\n-----END CERTIFICATE-----`.
 ## Import
@@ -81,7 +81,7 @@ header `-----BEGIN CERTIFICATE-----\n` or the footer `\n-----END CERTIFICATE----
 Token signing certificates can be imported using the object ID of the associated service principal and the key ID of the verify certificate credential, e.g.
 ```shell
-terraform import azuread_service_principal_token_signing_certificate.test 00000000-0000-0000-0000-000000000000/tokenSigningCertificate/11111111-1111-1111-1111-111111111111
+terraform import azuread_service_principal_token_signing_certificate.example 00000000-0000-0000-0000-000000000000/tokenSigningCertificate/11111111-1111-1111-1111-111111111111
 ```
 -> This ID format is unique to Terraform and is composed of the service principal's object ID, the string "tokenSigningCertificate" and the verify certificate's key ID in the format `{ServicePrincipalObjectId}/tokenSigningCertificate/{CertificateKeyId}`.
diff --git a/internal/services/serviceprincipals/service_principal_token_signing_certificate_resource.go b/internal/services/serviceprincipals/service_principal_token_signing_certificate_resource.go
index 44de9e9488..dc30436312 100644
--- a/internal/services/serviceprincipals/service_principal_token_signing_certificate_resource.go
+++ b/internal/services/serviceprincipals/service_principal_token_signing_certificate_resource.go
@@ -83,13 +83,13 @@ func servicePrincipalTokenSigningCertificateResource() *schema.Resource {
 },
 "start_date": {
- Description: "The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used",
+ Description: "The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).",
 Type: schema.TypeString,
 Computed: true,
 },
 "value": {
- Description: "The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER",
+ Description: "The certificate data, which is PEM encoded but does not include the header/footer",
 Type: schema.TypeString,
 Computed: true,
 Sensitive: true,
@@ -115,13 +115,14 @@ func servicePrincipalTokenSigningCertificateResourceCreate(ctx context.Context,
 keyCreds.EndDateTime = &endDate
 }
+ tf.LockByName(servicePrincipalResourceName, objectId)
+ defer tf.UnlockByName(servicePrincipalResourceName, objectId)
+
 key, _, err := client.AddTokenSigningCertificate(ctx, objectId, keyCreds)
 if err != nil {
 return tf.ErrorDiagF(err, "Could not add token signing certificate to service principal with object ID: %q", objectId)
 }
- tf.LockByName(servicePrincipalResourceName, objectId)
- defer tf.UnlockByName(servicePrincipalResourceName, objectId)
 // Wait for the credential to appear in the service principal manifest, this can take several minutes
 timeout, _ := ctx.Deadline()
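Review bot: The relocated `tf.LockByName`/`defer tf.UnlockByName` pair in the second hunk now precedes `client.AddTokenSigningCertificate`, but nothing in the code says why the ordering matters, and the lock is then held for the whole "Wait for the credential to appear" loop that follows. A short why-comment above the lock would keep the next maintainer from moving it back, e.g. `// Take the service principal lock before the add so that the add and the read-back below cannot interleave with other resources editing this principal's credentials`. The lock being held for up to the context deadline is unchanged from the previous placement and is presumably intentional, but worth stating in the same comment. The enclosing function starts and continues outside this hunk, so the `timeout, _ := ctx.Deadline()` result and the wait loop itself cannot be checked here.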
@@ -163,6 +164,9 @@ func servicePrincipalTokenSigningCertificateResourceCreate(ctx context.Context,
 }
 credential := helpers.GetVerifyKeyCredentialFromCustomKeyId(servicePrincipal.KeyCredentials, *key.CustomKeyIdentifier)
+ if credential == nil {
+ return tf.ErrorDiagF(errors.New("returned credential was nil"), "Could not determine key ID for newly added token signing certificate on service principal %q", objectId)
+ }
 id := parse.NewCredentialID(objectId, "tokenSigningCertificate", *credential.KeyId)
 d.SetId(id.String())
@@ -261,7 +265,6 @@ func servicePrincipalTokenSigningCertificateResourceDelete(ctx context.Context,
 }
 }
 }
- log.Printf("[Info] App Password: %v", *app.PasswordCredentials)
 newPasswordCredentials := make([]msgraph.PasswordCredential, 0)
 if app.PasswordCredentials != nil {
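Review bot: The new nil guard on `credential` in the first hunk still leaves the dereference `*credential.KeyId` on the following `parse.NewCredentialID` line unprotected, so a credential returned with a nil `KeyId` would panic instead of producing the diagnostic the guard was added for; extend the condition to `if credential == nil || credential.KeyId == nil {`. The context line just above also dereferences `*key.CustomKeyIdentifier` with no check visible in the hunk; whether `key` is validated earlier cannot be seen from here since the function begins and continues outside this hunk. The guard uses `errors.New`, so the file's import block (not in this patch) is presumably already importing `errors`.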