azurerm_service_fabric_cluster - support for Client Certificate… (#6097)

Addressing #4528 Added support in azurerm_service_fabric_cluster for client_certificate_common_name block. Example block: client_certificate_common_name { certificate_common_name = "CertificateCommonName" is_admin = true certificate_issuer_thumbprint = "3341DB6CF2AF72C611DF3BE3721A653AF1D43ECD50F584F828793DBE9103C3EE" } Change also required updating unit tests for Cluster Code Version (previous was no longer supported) as well as updating thumbprints from "33:41:DB:6C:F2:AF:72:C6:11:DF:3B:E3:72:1A:65:3A:F1:D4:3E:CD:50:F5:84:F8:28:79:3D:BE:91:03:C3:EE" to "3341DB6CF2AF72C611DF3BE3721A653AF1D43ECD50F584F828793DBE9103C3EE" to fix error of Error: Error creating Service Fabric Cluster "acctest-200312100109887030" (Resource Group "acctestRG-200312100109887030"): servicefabric.ClustersClient#Create: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidCertificateThumbprint" Message="Certificate thumbprint '33:41:DB:6C:F2:AF:72:C6:11:DF:3B:E3:72:1A:65:3A:F1:D4:3E:CD:50:F5:84:F8:28:79:3D:BE:91:03:C3:EE' is invalid." Details=[]
hashicorp · Mar 25, 2020 · 9e47779 · 9e47779
1 parent e21f1c9
commit 9e47779
Show file tree

Hide file tree

Showing 3 changed files with 215 additions and 29 deletions.
diff --git a/azurerm/internal/services/servicefabric/resource_arm_service_fabric_cluster.go b/azurerm/internal/services/servicefabric/resource_arm_service_fabric_cluster.go
@@ -220,6 +220,29 @@ func resourceArmServiceFabricCluster() *schema.Resource {
 				},
 			},
 
+			"client_certificate_common_name": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"common_name": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+						"issuer_thumbprint": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+						"is_admin": {
+							Type:     schema.TypeBool,
+							Required: true,
+						},
+					},
+				},
+			},
+
 			"diagnostics_config": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -415,9 +438,6 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
 	reverseProxyCertificateRaw := d.Get("reverse_proxy_certificate").([]interface{})
 	reverseProxyCertificate := expandServiceFabricClusterReverseProxyCertificate(reverseProxyCertificateRaw)
 
-	clientCertificateThumbprintRaw := d.Get("client_certificate_thumbprint").([]interface{})
-	clientCertificateThumbprints := expandServiceFabricClusterClientCertificateThumbprints(clientCertificateThumbprintRaw)
-
 	diagnosticsRaw := d.Get("diagnostics_config").([]interface{})
 	diagnostics := expandServiceFabricClusterDiagnosticsConfig(diagnosticsRaw)
 
@@ -435,7 +455,6 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
 			AzureActiveDirectory:            azureActiveDirectory,
 			CertificateCommonNames:          expandServiceFabricClusterCertificateCommonNames(d),
 			ReverseProxyCertificate:         reverseProxyCertificate,
-			ClientCertificateThumbprints:    clientCertificateThumbprints,
 			DiagnosticsStorageAccountConfig: diagnostics,
 			FabricSettings:                  fabricSettings,
 			ManagementEndpoint:              utils.String(managementEndpoint),
@@ -451,6 +470,16 @@ func resourceArmServiceFabricClusterCreateUpdate(d *schema.ResourceData, meta in
 		cluster.ClusterProperties.Certificate = certificate
 	}
 
+	if clientCertificateThumbprintRaw, ok := d.GetOk("client_certificate_thumbprint"); ok {
+		clientCertificateThumbprints := expandServiceFabricClusterClientCertificateThumbprints(clientCertificateThumbprintRaw.([]interface{}))
+		cluster.ClusterProperties.ClientCertificateThumbprints = clientCertificateThumbprints
+	}
+
+	if clientCertificateCommonNamesRaw, ok := d.GetOk("client_certificate_common_name"); ok {
+		clientCertificateCommonNames := expandServiceFabricClusterClientCertificateCommonNames(clientCertificateCommonNamesRaw.([]interface{}))
+		cluster.ClusterProperties.ClientCertificateCommonNames = clientCertificateCommonNames
+	}
+
 	if clusterCodeVersion != "" {
 		cluster.ClusterProperties.ClusterCodeVersion = utils.String(clusterCodeVersion)
 	}
@@ -542,6 +571,11 @@ func resourceArmServiceFabricClusterRead(d *schema.ResourceData, meta interface{
 			return fmt.Errorf("Error setting `client_certificate_thumbprint`: %+v", err)
 		}
 
+		clientCertificateCommonNames := flattenServiceFabricClusterClientCertificateCommonNames(props.ClientCertificateCommonNames)
+		if err := d.Set("client_certificate_common_name", clientCertificateCommonNames); err != nil {
+			return fmt.Errorf("Error setting `client_certificate_common_name`: %+v", err)
+		}
+
 		diagnostics := flattenServiceFabricClusterDiagnosticsConfig(props.DiagnosticsStorageAccountConfig)
 		if err := d.Set("diagnostics_config", diagnostics); err != nil {
 			return fmt.Errorf("Error setting `diagnostics_config`: %+v", err)
@@ -841,6 +875,54 @@ func flattenServiceFabricClusterClientCertificateThumbprints(input *[]servicefab
 	return results
 }
 
+func expandServiceFabricClusterClientCertificateCommonNames(input []interface{}) *[]servicefabric.ClientCertificateCommonName {
+	results := make([]servicefabric.ClientCertificateCommonName, 0)
+
+	for _, v := range input {
+		val := v.(map[string]interface{})
+
+		certificate_common_name := val["common_name"].(string)
+		certificate_issuer_thumbprint := val["issuer_thumbprint"].(string)
+		isAdmin := val["is_admin"].(bool)
+
+		result := servicefabric.ClientCertificateCommonName{
+			CertificateCommonName:       utils.String(certificate_common_name),
+			CertificateIssuerThumbprint: utils.String(certificate_issuer_thumbprint),
+			IsAdmin:                     utils.Bool(isAdmin),
+		}
+		results = append(results, result)
+	}
+
+	return &results
+}
+
+func flattenServiceFabricClusterClientCertificateCommonNames(input *[]servicefabric.ClientCertificateCommonName) []interface{} {
+	if input == nil {
+		return []interface{}{}
+	}
+
+	results := make([]interface{}, 0)
+
+	for _, v := range *input {
+		result := make(map[string]interface{})
+
+		if certificate_common_name := v.CertificateCommonName; certificate_common_name != nil {
+			result["common_name"] = *certificate_common_name
+		}
+
+		if certificate_issuer_thumbprint := v.CertificateIssuerThumbprint; certificate_issuer_thumbprint != nil {
+			result["issuer_thumbprint"] = *certificate_issuer_thumbprint
+		}
+
+		if isAdmin := v.IsAdmin; isAdmin != nil {
+			result["is_admin"] = *isAdmin
+		}
+		results = append(results, result)
+	}
+
+	return results
+}
+
 func expandServiceFabricClusterDiagnosticsConfig(input []interface{}) *servicefabric.DiagnosticsStorageAccountConfig {
 	if len(input) == 0 {
 		return nil