use optionallyversioned parser (#27537)
catriona-m authored Oct 3, 2024
1 parent 5a2269a commit a5f1b72
Showing 2 changed files with 116 additions and 2 deletions.
4 changes: 2 additions & 2 deletions internal/services/web/app_service_certificate_resource.go
Expand Up @@ -100,7 +100,7 @@ func resourceAppServiceCertificateCreateUpdate(d *pluginsdk.ResourceData, meta i
}

if keyVaultSecretId != "" {
parsedSecretId, err := keyVaultParse.ParseNestedItemID(keyVaultSecretId)
parsedSecretId, err := keyVaultParse.ParseOptionallyVersionedNestedItemID(keyVaultSecretId)
if err != nil {
return err
}
Expand Down Expand Up @@ -253,7 +253,7 @@ func resourceAppServiceCertificateSchema() map[string]*pluginsdk.Schema {
Optional: true,
ForceNew: true,
DiffSuppressFunc: keyVaultSuppress.DiffSuppressIgnoreKeyVaultKeyVersion,
ValidateFunc: keyVaultValidate.NestedItemId,
ValidateFunc: keyVaultValidate.NestedItemIdWithOptionalVersion,
ConflictsWith: []string{"pfx_blob", "password"},
ExactlyOneOf: []string{"key_vault_secret_id", "pfx_blob"},
},
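Review bot: After the switch to `keyVaultParse.ParseOptionallyVersionedNestedItemID`, `parsedSecretId.Version` can be empty, and nothing visible in the first hunk shows how the rest of resourceAppServiceCertificateCreateUpdate uses it; that function continues outside the hunk, so any later read of the version should be checked for the empty case. The schema change to `keyVaultValidate.NestedItemIdWithOptionalVersion` also means `key_vault_secret_id` no longer has to pin a certificate version, so a versionless value refers to whichever version is current in Key Vault rather than the one a reviewer approved. I would document that trade-off on the field, for example `// A versionless ID tracks the latest secret version; supply a versioned ID when the deployed certificate must be pinned.` above the `ValidateFunc` line.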
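--- a/internal/services/web/app_service_certificate_resource_test.go
+++ b/internal/services/web/app_service_certificate_resource_test.go
@@ -79,6 +79,21 @@ func TestAccAppServiceCertificate_KeyVaultId(t *testing.T) {
 })
 }
 
+func TestAccAppServiceCertificate_KeyVaultIdVersionless(t *testing.T) {
+data := acceptance.BuildTestData(t, "azurerm_app_service_certificate", "test")
+r := AppServiceCertificateResource{}
+
+data.ResourceTest(t, r, []acceptance.TestStep{
+{
+Config: r.keyVaultIdVersionless(data),
+Check: acceptance.ComposeTestCheckFunc(
+check.That(data.ResourceName).Key("thumbprint").HasValue("7B985BF42467791F23E52B364A3E8DEBAB9C606E"),
+),
+},
+data.ImportStep("key_vault_secret_id", "key_vault_id"),
+})
+}
+
 func (r AppServiceCertificateResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 id, err := parse.CertificateID(state.ID)
 if err != nil {
@@ -332,3 +347,102 @@ resource "azurerm_app_service_certificate" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
+
+func (r AppServiceCertificateResource) keyVaultIdVersionless(data acceptance.TestData) string {
+return fmt.Sprintf(`
+provider "azurerm" {
+features {}
+}
+provider "azuread" {}
+data "azurerm_client_config" "test" {}
+data "azuread_service_principal" "test" {
+display_name = "Microsoft Azure App Service"
+}
+resource "azurerm_resource_group" "test" {
+name = "acctestwebcert%d"
+location = "%s"
+}
+resource "azurerm_key_vault" "test" {
+name = "acct%d"
+location = azurerm_resource_group.test.location
+resource_group_name = azurerm_resource_group.test.name
+tenant_id = data.azurerm_client_config.test.tenant_id
+sku_name = "standard"
+access_policy {
+tenant_id = data.azurerm_client_config.test.tenant_id
+object_id = data.azurerm_client_config.test.object_id
+secret_permissions = [
+"Delete",
+"Get",
+"Purge",
+"Set",
+]
+certificate_permissions = [
+"Create",
+"Delete",
+"Get",
+"Purge",
+"Import",
+]
+}
+access_policy {
+tenant_id = data.azurerm_client_config.test.tenant_id
+object_id = data.azuread_service_principal.test.object_id
+secret_permissions = [
+"Get",
+]
+certificate_permissions = [
+"Get",
+]
+}
+}
+resource "azurerm_key_vault_certificate" "test" {
+name = "acctest%d"
+key_vault_id = azurerm_key_vault.test.id
+certificate {
+contents = filebase64("testdata/app_service_certificate.pfx")
+password = "terraform"
+}
+certificate_policy {
+issuer_parameters {
+name = "Self"
+}
+key_properties {
+exportable = true
+key_size = 2048
+key_type = "RSA"
+reuse_key = false
+}
+secret_properties {
+content_type = "application/x-pkcs12"
+}
+}
+}
+resource "azurerm_app_service_certificate" "test" {
+name = "acctest%d"
+resource_group_name = azurerm_resource_group.test.name
+location = azurerm_resource_group.test.location
+key_vault_id = azurerm_key_vault.test.id
+key_vault_secret_id = azurerm_key_vault_certificate.test.versionless_secret_id
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}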
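Review bot: TestAccAppServiceCertificate_KeyVaultIdVersionless asserts only `thumbprint`, and its `data.ImportStep("key_vault_secret_id", "key_vault_id")` leaves the secret ID out of import verification, so nothing checks that the versionless ID is what ends up in state. The test would still pass if the provider silently stored a versioned ID. I would add a check beside the thumbprint assertion, such as `check.That(data.ResourceName).Key("key_vault_secret_id").MatchesOtherKey(check.That("azurerm_key_vault_certificate.test").Key("versionless_secret_id")),`, assuming the acceptance check package exposes that matcher. The new function should also carry a doc comment, for example `// keyVaultIdVersionless returns a config whose key_vault_secret_id omits the certificate version.`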
