azurerm_application_gateway - add trusted_root_certificate_name… (#5204)

Possible fix for issue #4502 continues #4821
hashicorp · Dec 18, 2019 · 4084a65 · 4084a65
1 parent 8f97f84
commit 4084a65
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 2 deletions.
diff --git a/azurerm/resource_arm_application_gateway.go b/azurerm/resource_arm_application_gateway.go
@@ -246,6 +246,15 @@ func resourceArmApplicationGateway() *schema.Resource {
 							},
 						},
 
+						"trusted_root_certificate_names": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validate.NoEmptyStrings,
+							},
+						},
+
 						"connection_draining": {
 							Type:     schema.TypeList,
 							MaxItems: 1,
@@ -2011,6 +2020,23 @@ func expandApplicationGatewayBackendHTTPSettings(d *schema.ResourceData, gateway
 			setting.ApplicationGatewayBackendHTTPSettingsPropertiesFormat.AuthenticationCertificates = &authCertSubResources
 		}
 
+		if v["trusted_root_certificate_names"] != nil {
+			trustedRootCertNames := v["trusted_root_certificate_names"].([]interface{})
+			trustedRootCertSubResources := make([]network.SubResource, 0)
+
+			for _, rawTrustedRootCertName := range trustedRootCertNames {
+				trustedRootCertName := rawTrustedRootCertName.(string)
+				trustedRootCertID := fmt.Sprintf("%s/trustedRootCertificates/%s", gatewayID, trustedRootCertName)
+				trustedRootCertSubResource := network.SubResource{
+					ID: utils.String(trustedRootCertID),
+				}
+
+				trustedRootCertSubResources = append(trustedRootCertSubResources, trustedRootCertSubResource)
+			}
+
+			setting.ApplicationGatewayBackendHTTPSettingsPropertiesFormat.TrustedRootCertificates = &trustedRootCertSubResources
+		}
+
 		probeName := v["probe_name"].(string)
 		if probeName != "" {
 			probeID := fmt.Sprintf("%s/probes/%s", gatewayID, probeName)
@@ -2094,6 +2120,24 @@ func flattenApplicationGatewayBackendHTTPSettings(input *[]network.ApplicationGa
 			}
 			output["authentication_certificate"] = authenticationCertificates
 
+			trustedRootCertificateNames := make([]interface{}, 0)
+			if certs := props.TrustedRootCertificates; certs != nil {
+				for _, cert := range *certs {
+					if cert.ID == nil {
+						continue
+					}
+
+					certId, err := azure.ParseAzureResourceID(*cert.ID)
+					if err != nil {
+						return nil, err
+					}
+
+					certName := certId.Path["trustedRootCertificates"]
+					trustedRootCertificateNames = append(trustedRootCertificateNames, certName)
+				}
+			}
+			output["trusted_root_certificate_names"] = trustedRootCertificateNames
+
 			if probe := props.Probe; probe != nil {
 				if probe.ID != nil {
 					id, err := azure.ParseAzureResourceID(*probe.ID)

diff --git a/azurerm/resource_arm_application_gateway_test.go b/azurerm/resource_arm_application_gateway_test.go
@@ -1955,6 +1955,8 @@ resource "azurerm_application_gateway" "test" {
     key_vault_secret_id = "${azurerm_key_vault_certificate.test.secret_id}"
   }
 
+
+
   http_listener {
     name                           = "${local.listener_name}"
     frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}"
@@ -2033,6 +2035,9 @@ resource "azurerm_application_gateway" "test" {
     port                  = 443
     protocol              = "Https"
     request_timeout       = 1
+
+    pick_host_name_from_backend_address = true
+    trusted_root_certificate_names      = ["${local.auth_cert_name}"] 
   }
 
   trusted_root_certificate {
@@ -2200,6 +2205,9 @@ resource "azurerm_application_gateway" "test" {
     port                  = 443
     protocol              = "Https"
     request_timeout       = 1
+
+    pick_host_name_from_backend_address = true
+    trusted_root_certificate_names      = ["${local.auth_cert_name}"]
   }
 
   trusted_root_certificate {

diff --git a/website/docs/r/application_gateway.html.markdown b/website/docs/r/application_gateway.html.markdown
@@ -189,9 +189,9 @@ A `authentication_certificate` block supports the following:
 
 A `trusted_root_certificate` block supports the following:
 
-* `name` - (Required) The Name of the Authentication Certificate to use.
+* `name` - (Required) The Name of the Trusted Root Certificate to use.
 
-* `data` - (Required) The contents of the Authentication Certificate which should be used.
+* `data` - (Required) The contents of the Trusted Root Certificate which should be used.
 
 ---
 
@@ -239,6 +239,8 @@ A `backend_http_settings` block supports the following:
 
 * `authentication_certificate` - (Optional) One or more `authentication_certificate` blocks.
 
+* `trusted_root_certificate_names` - (Optional) A list of `trusted_root_certificate` names.
+
 * `connection_draining` - (Optional) A `connection_draining` block as defined below.
 
 ---