diff --git a/internal/services/cdn/cdn_frontdoor_secret_data_source.go b/internal/services/cdn/cdn_frontdoor_secret_data_source.go
new file mode 100644
index 000000000000..91eaa832659e
--- /dev/null
+++ b/internal/services/cdn/cdn_frontdoor_secret_data_source.go
@@ -0,0 +1,113 @@
+package cdn
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/services/cdn/parse"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/services/cdn/validate"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
+ "github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+func dataSourceCdnFrontDoorSecret() *pluginsdk.Resource {
+ return &pluginsdk.Resource{
+ Read: dataSourceCdnFrontDoorSecretRead,
+
+ Timeouts: &pluginsdk.ResourceTimeout{
+ Read: pluginsdk.DefaultTimeout(5 * time.Minute),
+ },
+
+ Schema: map[string]*pluginsdk.Schema{
+ "name": {
+ Type: pluginsdk.TypeString,
+ Required: true,
+ ValidateFunc: validate.CdnFrontDoorSecretName,
+ },
+
+ "profile_name": {
+ Type: pluginsdk.TypeString,
+ Required: true,
+ ValidateFunc: validate.FrontDoorName,
+ },
+
+ "resource_group_name": commonschema.ResourceGroupNameForDataSource(),
+
+ // Computed
+ "cdn_frontdoor_profile_id": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+
+ "secret": {
+ Type: pluginsdk.TypeList,
+ Computed: true,
+
+ Elem: &pluginsdk.Resource{
+ Schema: map[string]*pluginsdk.Schema{
+ "customer_certificate": {
+ Type: pluginsdk.TypeList,
+ Computed: true,
+ Elem: &pluginsdk.Resource{
+ Schema: map[string]*pluginsdk.Schema{
+ "key_vault_certificate_id": {
+ Type: pluginsdk.TypeString,
+ Computed: true,
+ },
+
+ "subject_alternative_names": {
+ Type: pluginsdk.TypeList,
+ Computed: true,
+ Elem: &pluginsdk.Schema{
+ Type: pluginsdk.TypeString,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func dataSourceCdnFrontDoorSecretRead(d *pluginsdk.ResourceData, meta interface{}) error {
+ client := meta.(*clients.Client).Cdn.FrontDoorSecretsClient
+ subscriptionId :=
meta.(*clients.Client).Account.SubscriptionId
+ ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+ defer cancel()
+
+ id := parse.NewFrontDoorSecretID(subscriptionId, d.Get("resource_group_name").(string), d.Get("profile_name").(string), d.Get("name").(string))
+
+ resp, err := client.Get(ctx, id.ResourceGroup, id.ProfileName, id.SecretName)
+ if err != nil {
+ if utils.ResponseWasNotFound(resp.Response) {
+ return fmt.Errorf("%s was not found", id)
+ }
+
+ return fmt.Errorf("retrieving %s: %+v", id, err)
+ }
+
+ d.SetId(id.ID())
+ d.Set("name", id.SecretName)
+ d.Set("profile_name", id.ProfileName)
+ d.Set("resource_group_name", id.ResourceGroup)
+ d.Set("cdn_frontdoor_profile_id", parse.NewFrontDoorProfileID(id.SubscriptionId, id.ResourceGroup, id.ProfileName).ID())
+
+ if props := resp.SecretProperties; props != nil {
+ var customerCertificate []interface{}
+ if customerCertificate, err = flattenSecretParameters(ctx, props.Parameters, meta); err != nil {
+ return fmt.Errorf("flattening 'secret': %+v", err)
+ }
+
+ if err := d.Set("secret", customerCertificate); err != nil {
+ return fmt.Errorf("setting 'secret': %+v", err)
+ }
+ }
+
+ return nil
+}
diff --git a/internal/services/cdn/cdn_frontdoor_secret_data_source_test.go b/internal/services/cdn/cdn_frontdoor_secret_data_source_test.go
new file mode 100644
index 000000000000..77c5caed3195
--- /dev/null
+++ b/internal/services/cdn/cdn_frontdoor_secret_data_source_test.go
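Review bot: In `dataSourceCdnFrontDoorSecretRead`, the error returned when `flattenSecretParameters` fails omits the resource ID, unlike the `retrieving %s` error a few lines above, so a failure cannot be tied to a specific secret when several are read in one plan; `return fmt.Errorf("flattening 'secret' for %s: %+v", id, err)` would fix that. The helper is not part of this hunk, but it takes `ctx` and `meta`, which suggests it performs a further lookup (possibly against Key Vault) to build `key_vault_certificate_id`; if so, the identity running the read needs access beyond the Front Door secret itself, and the function deserves a doc comment saying so. The four scalar `d.Set` calls also discard their errors while the `secret` one is checked. The schema exports only the certificate reference and its subject alternative names, no key material, and a short comment above the `secret` block stating that would explain why nothing is marked `Sensitive`.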
@@ -0,0 +1,85 @@
+package cdn_test
+
+import (
+ "fmt"
+ "os"
+ "strings"
+ "testing"
+
+ "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+)
+
+type CdnFrontdoorSecretResourceDataSource struct {
+ DoNotRunFrontDoorCustomDomainTests string
+}
+
+// NOTE: This is currently not testable due to the cert requirements of the service
+func TestAccCdnFrontDoorSecretDataSource_basic(t *testing.T) {
+ data := acceptance.BuildTestData(t, "data.azurerm_cdn_frontdoor_secret", "test")
+ r := CdnFrontdoorSecretResource{os.Getenv("ARM_TEST_DO_NOT_RUN_CDN_FRONT_DOOR_CUSTOM_DOMAIN")}
+ r.preCheck(t)
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.basic(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).Key("cdn_frontdoor_profile_id").MatchesOtherKey(check.That("azurerm_cdn_frontdoor_profile.test").Key("id")),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
+func (r CdnFrontdoorSecretResourceDataSource) preCheck(t *testing.T) {
+ if r.DoNotRunFrontDoorCustomDomainTests == "" {
+ t.Skipf("`ARM_TEST_DO_NOT_RUN_CDN_FRONT_DOOR_CUSTOM_DOMAIN` must be set for acceptance tests")
+ }
+
+ if strings.EqualFold(r.DoNotRunFrontDoorCustomDomainTests, "true") {
+ t.Skipf("`data.azurerm_cdn_frontdoor_secret` currently is not testable due to service requirements")
+ }
+}
+
+func (r CdnFrontdoorSecretResourceDataSource) template(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-cdn-afdx-%[1]d"
+ location = "%[2]s"
+}
+
+resource "azurerm_cdn_frontdoor_profile" "test" {
+ name = "accTestProfile-%[1]d"
+ resource_group_name = azurerm_resource_group.test.name
+ sku_name = "Standard_AzureFrontDoor"
+}
+
+resource "azurerm_cdn_frontdoor_secret" "test" {
+ name = "accTestSecret-%[1]d"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.test.id
+
+ secret {
+ customer_certificate {
+
key_vault_certificate_id = azurerm_key_vault_certificate.test.id + } + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + +func (r CdnFrontdoorSecretResourceDataSource) basic(data acceptance.TestData) string { + template := r.template(data) + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_cdn_frontdoor_secret" "test" { + name = azurerm_cdn_frontdoor_secret.test.name + profile_name = azurerm_cdn_frontdoor_profile.test.name + resource_group_name = azurerm_cdn_frontdoor_profile.test.resource_group_name +} +`, template) +} diff --git a/internal/services/cdn/registration.go b/internal/services/cdn/registration.go index 2a27a4340e4e..25aaafb68b6b 100644 --- a/internal/services/cdn/registration.go +++ b/internal/services/cdn/registration.go @@ -36,6 +36,7 @@ func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource { "azurerm_cdn_frontdoor_origin_group": dataSourceCdnFrontDoorOriginGroup(), "azurerm_cdn_frontdoor_profile": dataSourceCdnFrontDoorProfile(), "azurerm_cdn_frontdoor_rule_set": dataSourceCdnFrontDoorRuleSet(), + "azurerm_cdn_frontdoor_secret": dataSourceCdnFrontDoorSecret(), } } diff --git a/website/docs/d/cdn_frontdoor_origin_group.html.markdown b/website/docs/d/cdn_frontdoor_origin_group.html.markdown index 1ba4a0731804..ee9c22654ffb 100644 --- a/website/docs/d/cdn_frontdoor_origin_group.html.markdown +++ b/website/docs/d/cdn_frontdoor_origin_group.html.markdown @@ -24,8 +24,6 @@ data "azurerm_cdn_frontdoor_origin_group" "example" { The following arguments are supported: -The following arguments are supported: - * `name` - (Required) Specifies the name of the FrontDoor Origin Group. * `profile_name` - (Required) The name of the FrontDoor Profile within which CDN FrontDoor Origin Group exists. diff --git a/website/docs/d/cdn_frontdoor_secret.html.markdown b/website/docs/d/cdn_frontdoor_secret.html.markdown new file mode 100644 index 000000000000..fa9a077272dc --- /dev/null 
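Review bot: `TestAccCdnFrontDoorSecretDataSource_basic` builds `r` from `CdnFrontdoorSecretResource`, not from the `CdnFrontdoorSecretResourceDataSource` type declared in this file, so the `preCheck`, `template` and `basic` methods added here are never called and the applied config presumably contains no `data "azurerm_cdn_frontdoor_secret" "test"` block for the check to read. I would use `r := CdnFrontdoorSecretResourceDataSource{os.Getenv("ARM_TEST_DO_NOT_RUN_CDN_FRONT_DOOR_CUSTOM_DOMAIN")}`, run the steps through `data.DataSourceTest(t, []acceptance.TestStep{` and drop `data.ImportStep()`, since a data source cannot be imported. `template` also references `azurerm_key_vault_certificate.test` without declaring it or a Key Vault, so the config would fail validation once the skip in `preCheck` is lifted. Because the test is always skipped today, the new read path ships without automated coverage; the NOTE comment should state what certificate setup is needed to enable it.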
+++ b/website/docs/d/cdn_frontdoor_secret.html.markdown
@@ -0,0 +1,63 @@
+---
+subcategory: "CDN"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_cdn_frontdoor_secret"
+description: |-
+ Gets information about an existing CDN FrontDoor Secret.
+---
+
+# Data Source: azurerm_cdn_frontdoor_secret
+
+Use this data source to access information about an existing CDN FrontDoor Secret.
+
+## Example Usage
+
+```hcl
+data "azurerm_cdn_frontdoor_secret" "example" {
+ name = "example-secret"
+ profile_name = "example-profile"
+ resource_group_name = "example-resources"
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Specifies the name of the FrontDoor Secret.
+
+* `profile_name` - (Required) The name of the FrontDoor Profile within which CDN FrontDoor Secret exists.
+
+* `resource_group_name` - (Required) The name of the Resource Group where the CDN FrontDoor Profile exists.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the CDN FrontDoor Secret.
+
+* `cdn_frontdoor_profile_id` - Specifies the ID of the CDN FrontDoor Profile within which this CDN FrontDoor Secret exists.
+
+* `secret` - A `secret` block as defined below.
+
+---
+
+A `secret` block exports the following:
+
+* `customer_certificate` - A `customer_certificate` block as defined below.
+
+---
+
+A `customer_certificate` block exports the following:
+
+* `key_vault_certificate_id` - The key vault certificate ID.
+
+* `subject_alternative_names` - One or more `subject alternative names` contained within the key vault certificate.
+
+---
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the CDN FrontDoor Secret.
diff --git a/website/docs/r/cdn_frontdoor_secret.html.markdown b/website/docs/r/cdn_frontdoor_secret.html.markdown index 5dff00263f98..050b29e3f507 100644 --- a/website/docs/r/cdn_frontdoor_secret.html.markdown +++ b/website/docs/r/cdn_frontdoor_secret.html.markdown @@ -113,7 +113,7 @@ A `secret` block supports the following: A `customer_certificate` block supports the following: -* `key_vault_certificate_id` - (Required) The key vault certificate resources ID attribute. Changing this forces a new Frontdoor Secret to be created. +* `key_vault_certificate_id` - (Required) The ID of the Key Vault certificate resource to use. Changing this forces a new Frontdoor Secret to be created. ->**NOTE:** If you would like to use the **latest version** of the Key Vault Certificate use the Key Vault Certificates `versionless_id` attribute as the `key_vault_certificate_id` fields value(e.g. `key_vault_certificate_id = azurerm_key_vault_certificate.example.versionless_id`).