including #18817 fixes #18769

* Adding support for a frontdoor secret data source

* Fix file extension

* update documentation

internal/services/cdn/cdn_frontdoor_secret_data_source.go

@@ -0,0 +1,113 @@
+package cdn
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/cdn/parse"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/cdn/validate"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
+	"github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+func dataSourceCdnFrontDoorSecret() *pluginsdk.Resource {
+	return &pluginsdk.Resource{
+		Read: dataSourceCdnFrontDoorSecretRead,
+
+		Timeouts: &pluginsdk.ResourceTimeout{
+			Read: pluginsdk.DefaultTimeout(5 * time.Minute),
+		},
+
+		Schema: map[string]*pluginsdk.Schema{
+			"name": {
+				Type:         pluginsdk.TypeString,
+				Required:     true,
+				ValidateFunc: validate.CdnFrontDoorSecretName,
+			},
+
+			"profile_name": {
+				Type:         pluginsdk.TypeString,
+				Required:     true,
+				ValidateFunc: validate.FrontDoorName,
+			},
+
+			"resource_group_name": commonschema.ResourceGroupNameForDataSource(),
+
+			// Computed
+			"cdn_frontdoor_profile_id": {
+				Type:     pluginsdk.TypeString,
+				Computed: true,
+			},
+
+			"secret": {
+				Type:     pluginsdk.TypeList,
+				Computed: true,
+
+				Elem: &pluginsdk.Resource{
+					Schema: map[string]*pluginsdk.Schema{
+						"customer_certificate": {
+							Type:     pluginsdk.TypeList,
+							Computed: true,
+							Elem: &pluginsdk.Resource{
+								Schema: map[string]*pluginsdk.Schema{
+									"key_vault_certificate_id": {
+										Type:     pluginsdk.TypeString,
+										Computed: true,
+									},
+
+									"subject_alternative_names": {
+										Type:     pluginsdk.TypeList,
+										Computed: true,
+										Elem: &pluginsdk.Schema{
+											Type: pluginsdk.TypeString,
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceCdnFrontDoorSecretRead(d *pluginsdk.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Cdn.FrontDoorSecretsClient
+	subscriptionId := meta.(*clients.Client).Account.SubscriptionId
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id := parse.NewFrontDoorSecretID(subscriptionId, d.Get("resource_group_name").(string), d.Get("profile_name").(string), d.Get("name").(string))
+
+	resp, err := client.Get(ctx, id.ResourceGroup, id.ProfileName, id.SecretName)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			return fmt.Errorf("%s was not found", id)
+		}
+
+		return fmt.Errorf("retrieving %s: %+v", id, err)
+	}
+
+	d.SetId(id.ID())
+	d.Set("name", id.SecretName)
+	d.Set("profile_name", id.ProfileName)
+	d.Set("resource_group_name", id.ResourceGroup)
+	d.Set("cdn_frontdoor_profile_id", parse.NewFrontDoorProfileID(id.SubscriptionId, id.ResourceGroup, id.ProfileName).ID())
+
+	if props := resp.SecretProperties; props != nil {
+		var customerCertificate []interface{}
+		if customerCertificate, err = flattenSecretParameters(ctx, props.Parameters, meta); err != nil {
+			return fmt.Errorf("flattening 'secret': %+v", err)
+		}
+
+		if err := d.Set("secret", customerCertificate); err != nil {
+			return fmt.Errorf("setting 'secret': %+v", err)
+		}
+	}
+
+	return nil
+}

internal/services/cdn/cdn_frontdoor_secret_data_source_test.go

@@ -0,0 +1,85 @@
+package cdn_test
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+)
+
+type CdnFrontdoorSecretResourceDataSource struct {
+	DoNotRunFrontDoorCustomDomainTests string
+}
+
+// NOTE: This is currently not testable due to the cert requirements of the service
+func TestAccCdnFrontDoorSecretDataSource_basic(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_cdn_frontdoor_secret", "test")
+	r := CdnFrontdoorSecretResource{os.Getenv("ARM_TEST_DO_NOT_RUN_CDN_FRONT_DOOR_CUSTOM_DOMAIN")}
+	r.preCheck(t)
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("cdn_frontdoor_profile_id").MatchesOtherKey(check.That("azurerm_cdn_frontdoor_profile.test").Key("id")),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
+func (r CdnFrontdoorSecretResourceDataSource) preCheck(t *testing.T) {
+	if r.DoNotRunFrontDoorCustomDomainTests == "" {
+		t.Skipf("`ARM_TEST_DO_NOT_RUN_CDN_FRONT_DOOR_CUSTOM_DOMAIN` must be set for acceptance tests")
+	}
+
+	if strings.EqualFold(r.DoNotRunFrontDoorCustomDomainTests, "true") {
+		t.Skipf("`data.azurerm_cdn_frontdoor_secret` currently is not testable due to service requirements")
+	}
+}
+
+func (r CdnFrontdoorSecretResourceDataSource) template(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-cdn-afdx-%[1]d"
+  location = "%[2]s"
+}
+
+resource "azurerm_cdn_frontdoor_profile" "test" {
+  name                = "accTestProfile-%[1]d"
+  resource_group_name = azurerm_resource_group.test.name
+  sku_name            = "Standard_AzureFrontDoor"
+}
+
+resource "azurerm_cdn_frontdoor_secret" "test" {
+  name                     = "accTestSecret-%[1]d"
+  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.test.id
+
+  secret {
+    customer_certificate {
+      key_vault_certificate_id = azurerm_key_vault_certificate.test.id
+    }
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
+func (r CdnFrontdoorSecretResourceDataSource) basic(data acceptance.TestData) string {
+	template := r.template(data)
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+%s
+
+data "azurerm_cdn_frontdoor_secret" "test" {
+  name                = azurerm_cdn_frontdoor_secret.test.name
+  profile_name        = azurerm_cdn_frontdoor_profile.test.name
+  resource_group_name = azurerm_cdn_frontdoor_profile.test.resource_group_name
+}
+`, template)
+}

internal/services/cdn/registration.go

@@ -36,6 +36,7 @@ func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource {
 		"azurerm_cdn_frontdoor_origin_group": dataSourceCdnFrontDoorOriginGroup(),
 		"azurerm_cdn_frontdoor_profile":      dataSourceCdnFrontDoorProfile(),
 		"azurerm_cdn_frontdoor_rule_set":     dataSourceCdnFrontDoorRuleSet(),
+		"azurerm_cdn_frontdoor_secret":       dataSourceCdnFrontDoorSecret(),
 	}
 }
 

website/docs/d/cdn_frontdoor_origin_group.html.markdown

@@ -24,8 +24,6 @@ data "azurerm_cdn_frontdoor_origin_group" "example" {
 
 The following arguments are supported:
 
-The following arguments are supported:
-
 * `name` - (Required) Specifies the name of the FrontDoor Origin Group.
 
 * `profile_name` - (Required) The name of the FrontDoor Profile within which CDN FrontDoor Origin Group exists.

website/docs/d/cdn_frontdoor_secret.html.markdown

@@ -0,0 +1,63 @@
+---
+subcategory: "CDN"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_cdn_frontdoor_secret"
+description: |-
+  Gets information about an existing CDN FrontDoor Secret.
+---
+
+# Data Source: azurerm_cdn_frontdoor_secret
+
+Use this data source to access information about an existing CDN FrontDoor Secret.
+
+## Example Usage
+
+```hcl
+data "azurerm_cdn_frontdoor_secret" "example" {
+  name                = "example-secret"
+  profile_name        = "example-profile"
+  resource_group_name = "example-resources"
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Specifies the name of the FrontDoor Secret.
+
+* `profile_name` - (Required) The name of the FrontDoor Profile within which CDN FrontDoor Secret exists.
+
+* `resource_group_name` - (Required) The name of the Resource Group where the CDN FrontDoor Profile exists.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the CDN FrontDoor Secret.
+
+* `cdn_frontdoor_profile_id` - Specifies the ID of the CDN FrontDoor Profile within which this CDN FrontDoor Secret exists.
+
+* `secret` - A `secret` block as defined below.
+
+---
+
+A `secret` block exports the following:
+
+* `customer_certificate` - A `customer_certificate` block as defined below.
+
+---
+
+A `customer_certificate` block exports the following:
+
+* `key_vault_certificate_id` - The key vault certificate ID.
+
+* `subject_alternative_names` - One or more `subject alternative names` contained within the key vault certificate.
+
+---
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the CDN FrontDoor Secret.

website/docs/r/cdn_frontdoor_secret.html.markdown

@@ -113,7 +113,7 @@ A `secret` block supports the following:
 
 A `customer_certificate` block supports the following:
 
-* `key_vault_certificate_id` - (Required) The key vault certificate resources ID attribute. Changing this forces a new Frontdoor Secret to be created.
+* `key_vault_certificate_id` - (Required) The ID of the Key Vault certificate resource to use. Changing this forces a new Frontdoor Secret to be created.
 
 ->**NOTE:** If you would like to use the **latest version** of the Key Vault Certificate use the Key Vault Certificates `versionless_id` attribute as the `key_vault_certificate_id` fields value(e.g. `key_vault_certificate_id = azurerm_key_vault_certificate.example.versionless_id`).