diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource.go b/internal/services/springcloud/spring_cloud_configuration_service_resource.go
index a2d2ef2ae75a..196a6dc706fa 100644
--- a/internal/services/springcloud/spring_cloud_configuration_service_resource.go
+++ b/internal/services/springcloud/spring_cloud_configuration_service_resource.go
@@ -102,6 +102,12 @@ func resourceSpringCloudConfigurationService() *pluginsdk.Resource {
 ValidateFunc: validation.StringIsNotEmpty,
 },
 
+ "ca_certificate_id": {
+ Type: pluginsdk.TypeString,
+ Optional: true,
+ ValidateFunc: validate.SpringCloudCertificateID,
+ },
+
 "host_key": {
 Type: pluginsdk.TypeString,
 Optional: true,
@@ -258,7 +264,7 @@ func expandConfigurationServiceConfigurationServiceGitRepositoryArray(input []in
 results := make([]appplatform.ConfigurationServiceGitRepository, 0)
 for _, item := range input {
 v := item.(map[string]interface{})
- results = append(results, appplatform.ConfigurationServiceGitRepository{
+ repo := appplatform.ConfigurationServiceGitRepository{
 Name: utils.String(v["name"].(string)),
 Patterns: utils.ExpandStringSlice(v["patterns"].(*pluginsdk.Set).List()),
 URI: utils.String(v["uri"].(string)),
@@ -270,7 +276,11 @@ func expandConfigurationServiceConfigurationServiceGitRepositoryArray(input []in
 HostKeyAlgorithm: utils.String(v["host_key_algorithm"].(string)),
 PrivateKey: utils.String(v["private_key"].(string)),
 StrictHostKeyChecking: utils.Bool(v["strict_host_key_checking"].(bool)),
- })
+ }
+ if caCertificatedId := v["ca_certificate_id"].(string); caCertificatedId != "" {
+ repo.CaCertResourceID = utils.String(caCertificatedId)
+ }
+ results = append(results, repo)
 }
 return &results
 }
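Review bot: In the `@@ -270,7 +276,11 @@` hunk the new local is spelled `caCertificatedId`, which reads as a typo for the schema key it mirrors; `caCertificateID` would match the `CaCertResourceID` field assigned on the next line. Because `repo.CaCertResourceID` is only set for a non-empty value, removing `ca_certificate_id` from a repository block sends the field as nil, and whether the service then clears the previously configured CA or keeps it is not visible from here. Once that is confirmed, a one-line comment above the `if` stating what a nil `CaCertResourceID` means for the HTTPS fetch would record the intent. The function's signature lies outside these hunks.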
@@ -330,7 +340,16 @@ func flattenConfigurationServiceConfigurationServiceGitRepositoryArray(input *[]
 username = value.(string)
 }
 }
+
+ var caCertificateId string
+ if item.CaCertResourceID != nil {
+ certificatedId, err := parse.SpringCloudCertificateIDInsensitively(*item.CaCertResourceID)
+ if err == nil {
+ caCertificateId = certificatedId.ID()
+ }
+ }
 results = append(results, map[string]interface{}{
+ "ca_certificate_id": caCertificateId,
 "name": name,
 "label": label,
 "patterns": utils.FlattenStringSlice(item.Patterns),
diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go
index ae51e032cdc9..e1df6e5e540c 100644
--- a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go
+++ b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go
@@ -112,7 +112,8 @@ func TestAccSpringCloudConfigurationService_generation(t *testing.T) {
 check.That(data.ResourceName).ExistsInAzure(r),
 ),
 },
- data.ImportStep(), {
+ data.ImportStep(),
+ {
 Config: r.generation(data, "Gen2"),
 Check: acceptance.ComposeTestCheckFunc(
 check.That(data.ResourceName).ExistsInAzure(r),
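Review bot: In the flatten hunk (`@@ -330,7 +340,16 @@`) a parse failure from `parse.SpringCloudCertificateIDInsensitively` is discarded, so a repository that does have a CA certificate attached is written to state with `ca_certificate_id` empty. That hides the configured trust anchor from state and from drift detection instead of surfacing it. Falling back to the raw value keeps it visible: `} else { caCertificateId = *item.CaCertResourceID }`. The local `certificatedId` also looks like a typo for `certificateId`. The enclosing function starts and ends outside the hunk.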
@@ -122,6 +123,20 @@ func TestAccSpringCloudConfigurationService_generation(t *testing.T) {
 })
 }
 
+func TestAccSpringCloudConfigurationService_caCertificateId(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_spring_cloud_configuration_service", "test")
+ r := SpringCloudConfigurationServiceResource{}
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.caCertificateId(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
 func (r SpringCloudConfigurationServiceResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 id, err := parse.SpringCloudConfigurationServiceID(state.ID)
 if err != nil {
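Review bot: `TestAccSpringCloudConfigurationService_caCertificateId` has a single apply step plus import, so it never exercises removing or changing `ca_certificate_id` on an existing repository. That is the path where the expand code in this commit leaves `CaCertResourceID` unset, and it determines which CA the HTTPS fetch trusts afterwards. A second step that applies a config without the attribute, followed by another `data.ImportStep()`, would cover it. The first step would also be stronger if it asserted the attribute itself rather than only `ExistsInAzure(r)`.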
@@ -238,3 +253,126 @@ resource "azurerm_spring_cloud_configuration_service" "test" {
 }
 `, template, generation)
 }
+
+func (r SpringCloudConfigurationServiceResource) caCertificateId(data acceptance.TestData) string {
+ template := r.template(data)
+ return fmt.Sprintf(`
+%s
+
+
+data "azurerm_client_config" "current" {
+}
+
+data "azuread_service_principal" "test" {
+ display_name = "Azure Spring Cloud Resource Provider"
+}
+
+resource "azurerm_key_vault" "test" {
+ name = "acctest-kv-%[2]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ sku_name = "standard"
+
+ access_policy {
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azurerm_client_config.current.object_id
+
+ secret_permissions = [
+ "Set",
+ ]
+
+ certificate_permissions = [
+ "Create",
+ "Delete",
+ "Get",
+ "Purge",
+ "Update",
+ ]
+ }
+
+ access_policy {
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azuread_service_principal.test.object_id
+
+ secret_permissions = [
+ "Get",
+ "List",
+ ]
+
+ certificate_permissions = [
+ "Get",
+ "List",
+ ]
+ }
+}
+
+resource "azurerm_key_vault_certificate" "test" {
+ name = "acctest-cert-%[2]d"
+ key_vault_id = azurerm_key_vault.test.id
+
+ certificate_policy {
+ issuer_parameters {
+ name = "Self"
+ }
+
+ key_properties {
+ exportable = true
+ key_size = 2048
+ key_type = "RSA"
+ reuse_key = true
+ }
+
+ lifetime_action {
+ action {
+ action_type = "AutoRenew"
+ }
+
+ trigger {
+ days_before_expiry = 30
+ }
+ }
+
+ secret_properties {
+ content_type = "application/x-pkcs12"
+ }
+
+ x509_certificate_properties {
+ key_usage = [
+ "cRLSign",
+ "dataEncipherment",
+ "digitalSignature",
+ "keyAgreement",
+ "keyCertSign",
+ "keyEncipherment",
+ ]
+
+ subject = "CN=contoso.com"
+ validity_in_months = 12
+ }
+ }
+}
+
+
+resource "azurerm_spring_cloud_certificate" "test" {
+ name = "acctest-scc-%[2]d"
+ resource_group_name = azurerm_spring_cloud_service.test.resource_group_name
+ service_name = azurerm_spring_cloud_service.test.name
+ key_vault_certificate_id = azurerm_key_vault_certificate.test.id
+ exclude_private_key = true
+}
+
+resource "azurerm_spring_cloud_configuration_service" "test" {
+ name = "default"
+ spring_cloud_service_id = azurerm_spring_cloud_service.test.id
+ generation = "Gen2"
+ repository {
+ name = "fake"
+ label = "master"
+ patterns = ["app/dev"]
+ uri = "https://github.com/Azure-Samples/piggymetrics"
+ ca_certificate_id = azurerm_spring_cloud_certificate.test.id
+ }
+}
+`, template, data.RandomIntOfLength(10))
+}
diff --git a/website/docs/r/spring_cloud_configuration_service.html.markdown b/website/docs/r/spring_cloud_configuration_service.html.markdown
index 658504ad3478..57e1fd7e40c7 100644
--- a/website/docs/r/spring_cloud_configuration_service.html.markdown
+++ b/website/docs/r/spring_cloud_configuration_service.html.markdown
@@ -73,6 +73,8 @@ A `repository` block supports the following:
 
 * `uri` - (Required) Specifies the URI of the repository.
 
+* `ca_certificate_id` - (Optional) Specifies the ID of the Certificate Authority used when retrieving the Git Repository via HTTPS.
+
 * `host_key` - (Optional) Specifies the SSH public key of git repository.
 
 * `host_key_algorithm` - (Optional) Specifies the SSH key algorithm of git repository.
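Review bot: The fixture built by `caCertificateId` attaches a self-signed `CN=contoso.com` certificate as the CA for a repository at `https://github.com/Azure-Samples/piggymetrics`, so at most it shows that the API accepts a certificate reference, not that the certificate is used to verify the Git server. A short Go comment above the function would keep readers from treating the test as evidence of TLS verification, e.g. `// caCertificateId only checks that a certificate ID round-trips; the self-signed certificate is unrelated to the repository host.` The Key Vault certificate is also created with `exportable = true` while the Spring Cloud certificate sets `exclude_private_key = true`; presumably a non-exportable key would serve the fixture equally well, but that depends on how the service reads the certificate and should be confirmed.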