diff --git a/internal/services/keyvault/key_vault_certificate_resource.go b/internal/services/keyvault/key_vault_certificate_resource.go index ce9d02e06a02..840abaa824de 100644 --- a/internal/services/keyvault/key_vault_certificate_resource.go +++ b/internal/services/keyvault/key_vault_certificate_resource.go @@ -438,9 +438,11 @@ func createCertificate(d *pluginsdk.ResourceData, meta interface{}) (keyvault.Ce Tags: tags.Expand(t), } - _, err = client.CreateCertificate(ctx, *keyVaultBaseUrl, name, parameters) + result, err := client.CreateCertificate(ctx, *keyVaultBaseUrl, name, parameters) if err != nil { - return keyvault.CertificateBundle{}, err + return keyvault.CertificateBundle{ + Response: result.Response, + }, err } log.Printf("[DEBUG] Waiting for Key Vault Certificate %q in Vault %q to be provisioned", name, *keyVaultBaseUrl) @@ -513,11 +515,11 @@ func resourceKeyVaultCertificateCreate(d *pluginsdk.ResourceData, meta interface if err != nil { if meta.(*clients.Client).Features.KeyVault.RecoverSoftDeletedCerts && utils.ResponseWasConflict(newCert.Response) { if err = recoverDeletedCertificate(ctx, d, meta, *keyVaultBaseUrl, name); err != nil { - return err + return fmt.Errorf("recover deleted certificate: %+v", err) } newCert, err = client.ImportCertificate(ctx, *keyVaultBaseUrl, name, importParameters) if err != nil { - return err + return fmt.Errorf("update recovered certificate: %+v", err) } } else { return err @@ -529,12 +531,12 @@ func resourceKeyVaultCertificateCreate(d *pluginsdk.ResourceData, meta interface if err != nil { if meta.(*clients.Client).Features.KeyVault.RecoverSoftDeletedCerts && utils.ResponseWasConflict(newCert.Response) { if err = recoverDeletedCertificate(ctx, d, meta, *keyVaultBaseUrl, name); err != nil { - return err + return fmt.Errorf("recover deleted certificate: %+v", err) } // after we recovered the existing certificate we still have to apply our changes newCert, err = createCertificate(d, meta) if err != nil { - return err + return fmt.Errorf("update recovered certificate: %+v", err) } } else { return err diff --git a/internal/services/keyvault/key_vault_certificate_resource_test.go b/internal/services/keyvault/key_vault_certificate_resource_test.go index df335c6d8201..2851e7debf68 100644 --- a/internal/services/keyvault/key_vault_certificate_resource_test.go +++ b/internal/services/keyvault/key_vault_certificate_resource_test.go @@ -138,8 +138,7 @@ func TestAccKeyVaultCertificate_softDeleteRecovery(t *testing.T) { ), }, { - Config: r.softDeleteRecovery(data, false), - Destroy: true, + Config: r.softDeleteCertificate(data, false), }, { Config: r.softDeleteRecovery(data, true), @@ -1171,17 +1170,31 @@ resource "azurerm_key_vault_certificate" "test" { `, r.template(data), data.RandomString) } -func (r KeyVaultCertificateResource) softDeleteRecovery(data acceptance.TestData, purge bool) string { +func (r KeyVaultCertificateResource) softDeleteCertificate(data acceptance.TestData, purge bool) string { return fmt.Sprintf(` provider "azurerm" { features { key_vault { - purge_soft_delete_on_destroy = "%t" + purge_soft_deleted_certificates_on_destroy = %t recover_soft_deleted_key_vaults = true } } } +%s`, purge, r.template(data)) +} + +func (r KeyVaultCertificateResource) softDeleteRecovery(data acceptance.TestData, purge bool) string { + return fmt.Sprintf(` +provider "azurerm" { + features { + key_vault { + purge_soft_deleted_certificates_on_destroy = %t + recover_soft_deleted_key_vaults = true + } + } +} + %s resource "azurerm_key_vault_certificate" "test" {