diff --git a/azurerm/internal/services/apimanagement/api_management_resource.go b/azurerm/internal/services/apimanagement/api_management_resource.go index abe5e233b65b..c53292aa7573 100644 --- a/azurerm/internal/services/apimanagement/api_management_resource.go +++ b/azurerm/internal/services/apimanagement/api_management_resource.go @@ -221,7 +221,7 @@ func resourceApiManagementService() *schema.Resource { "certificate_password": { Type: schema.TypeString, - Required: true, + Optional: true, Sensitive: true, }, @@ -1111,13 +1111,15 @@ func expandAzureRmApiManagementCertificates(d *schema.ResourceData) *[]apimanage config := v.(map[string]interface{}) certBase64 := config["encoded_certificate"].(string) - certificatePassword := config["certificate_password"].(string) storeName := apimanagement.StoreName(config["store_name"].(string)) cert := apimanagement.CertificateConfiguration{ - EncodedCertificate: utils.String(certBase64), - CertificatePassword: utils.String(certificatePassword), - StoreName: storeName, + EncodedCertificate: utils.String(certBase64), + StoreName: storeName, + } + + if certPassword := config["certificate_password"]; certPassword != nil { + cert.CertificatePassword = utils.String(certPassword.(string)) } results = append(results, cert) diff --git a/azurerm/internal/services/apimanagement/api_management_resource_test.go b/azurerm/internal/services/apimanagement/api_management_resource_test.go index 8e0b36114f32..1b2bdc8b91c4 100644 --- a/azurerm/internal/services/apimanagement/api_management_resource_test.go +++ b/azurerm/internal/services/apimanagement/api_management_resource_test.go @@ -810,6 +810,16 @@ resource "azurerm_api_management" "test" { store_name = "Root" } + certificate { + encoded_certificate = filebase64("testdata/api_management_api_test.cer") + store_name = "Root" + } + + certificate { + encoded_certificate = filebase64("testdata/api_management_api_test.cer") + store_name = "CertificateAuthority" + } + protocols { enable_http2 = true } diff --git a/azurerm/internal/services/apimanagement/testdata/api_management_api_test.cer b/azurerm/internal/services/apimanagement/testdata/api_management_api_test.cer new file mode 100755 index 000000000000..e2eb9a4dfdb9 --- /dev/null +++ b/azurerm/internal/services/apimanagement/testdata/api_management_api_test.cer @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsjCCAZoCCQCMdt7DvygPtDANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBh +cGkudGVycmFmb3JtLmlvMB4XDTE4MDcwNTEwMzMzMFoXDTI4MDcwMjEwMzMzMFow +GzEZMBcGA1UEAwwQYXBpLnRlcnJhZm9ybS5pbzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKQW332Ol28CsidAheD1aL9Ul8JWnKLdaVxKZ3ssl5CXjPDO +mM7IXk0SgbQnUC8lIlPFZiDGbQ1sB6OTMun6ZZ4ipLp80dtl0roCLtCnDQOBGzCN +ArCYAoXRurjkXEY7tpD0wwtU72+37h3HQ4g0VS6VItJCqJ9QADV+HO2ZWuZTez70 +MhoL6OLfZP7HGYdJDKgfEVNF5XlbVzNAGkDIJFdhjNxyGGu5Nfsm1pfQhAyunkk7 +JVamjUg5IojRdo63IS9wwzMOdeGSAbBcsJfYeCfVg2kupR8q0TmZ+x93RmmOlbSi +66kEYxRzZ9YCQeHJmn1YfJ92BpCUiy9A6Z1iaKUCAwEAATANBgkqhkiG9w0BAQsF +AAOCAQEAJ7JhlecP7J48wI2QHTMbAMkkWBv/iWq1/QIF4ugH3Zb5PorOv+NfhQ0L +lWiw/SzN8Ae95vUixAGYHMSa28oumM5K1OsqKEkVIo1AoBH8nBz+VcTpRD/mHXot +AHPAZt9j5LqeHX+enR6RbINAf3jn+YU3MdVe0MsADdFASVDfjmQP2R7o9aJb/QqO +g3bZBWsiBDEISfyaH2+pgUM7wtwEoFWmEMlgjLK1MRBs1cDZXqnHaCd/rs+NmWV9 +naEu7x5fyQOk4HozkpweR+Jx1sBlTRsa49/qSHt/6ULKfO01/cTs4iF71ykXPbh3 +Kj9cI2uo9aYtXkxkhKrGyUpA7FJqWw== +-----END CERTIFICATE----- diff --git a/website/docs/r/api_management.html.markdown b/website/docs/r/api_management.html.markdown index 5d9d7d7bc228..6d922697e920 100644 --- a/website/docs/r/api_management.html.markdown +++ b/website/docs/r/api_management.html.markdown @@ -104,12 +104,11 @@ A `additional_location` block supports the following: A `certificate` block supports the following: -* `encoded_certificate` - (Required) The Base64 Encoded PFX Certificate. - -* `certificate_password` - (Required) The password for the certificate. +* `encoded_certificate` - (Required) The Base64 Encoded PFX or Base64 Encoded X.509 Certificate. * `store_name` - (Required) The name of the Certificate Store where this certificate should be stored. Possible values are `CertificateAuthority` and `Root`. +* `certificate_password` - (Optional) The password for the certificate. ---