Support for certificate attributes in Key Vault Certificate exported attributes #7343

Closed
MattMencel opened this issue Jun 16, 2020 · 3 comments · Fixed by #7387

@MattMencel

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Is it possible to add the certificate attributes to the key vault certificate resource exported attributes? I'm specifically looking for the certificate's expires value.

I would like to add a key vault certificate to an SPN using the new azuread_service_principal_certificate resource. The downloaded CER file and a certificate end date have to be provided to that SPN certificate resource.

module.datasource_spn.azuread_service_principal_certificate.app_spn_certificate: Creating...

Error: creating certificate credentials "4c5724c9-..." for service principal with ID "0e813b06-...": graphrbac.ServicePrincipalsClient#UpdateKeyCredentials: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Request_BadRequest","date":"2020-06-15T20:02:20","message":{"lang":"en","value":"Key credential end date is invalid."},"requestId":"fd5fe5b3-ac8c-4732-863c-1e4c6334ad0b"}}]

Or perhaps even better, allow a reference to the Key Vault certificate ID in the azuread_service_principal_certificate resource?

New or Affected Resource(s)

  • azurerm_key_vault_certificate
  • azuread_service_principal_certificate

Potential Terraform Configuration

certificate_attributes {
    created = "2020-06-15T14:23:24+00:00"
    enabled = true
    expires = "2021-06-15T14:23:24+00:00"
    not_before = "2020-06-15T14:13:24+00:00"
    recovery_level = "Purgeable"
    updated = "2020-06-15T14:23:24+00:00"
}

References

az keyvault certificate show --vault-name VAULT_NAME --name CERTIFICATE_NAME -o json | jq -r .attributes
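
An added example, not part of the original issue or the provider's code: a pre-flight check over the attributes JSON printed by the `az keyvault certificate show` command above, deriving the credential end date from `expires` and flagging values likely to be rejected. It assumes the CLI's camelCase key names and that the end date must fall inside the certificate's validity window (the page does not state the cause of the 400); `end_date_from` and `check_end_date` are hypothetical helper names.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `az keyvault certificate show ... | jq .attributes`,
# using the values from the issue. Key spelling (camelCase) is an assumption.
SAMPLE_ATTRIBUTES = json.loads("""
{"created": "2020-06-15T14:23:24+00:00", "enabled": true,
 "expires": "2021-06-15T14:23:24+00:00", "notBefore": "2020-06-15T14:13:24+00:00",
 "recoveryLevel": "Purgeable", "updated": "2020-06-15T14:23:24+00:00"}
""")


def parse_ts(value):
    """Parse an RFC 3339 timestamp into an aware UTC datetime."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError(f"timestamp has no UTC offset: {value!r}")
    return ts.astimezone(timezone.utc)


def end_date_from(attrs):
    """Credential end date taken straight from the certificate's expiry."""
    return parse_ts(attrs["expires"]).isoformat()


def check_end_date(attrs, end_date, now, min_remaining=timedelta(days=30)):
    """Return a list of problems with using end_date for this certificate."""
    end = parse_ts(end_date)
    not_before = parse_ts(attrs.get("notBefore") or attrs["not_before"])
    expires = parse_ts(attrs["expires"])
    problems = []
    if not attrs.get("enabled", False):
        problems.append("certificate is disabled in Key Vault")
    if end > expires:  # assumed cause of "Key credential end date is invalid"
        problems.append(f"end date {end.isoformat()} is after certificate expiry {expires.isoformat()}")
    if end <= not_before:
        problems.append("end date is not after the certificate's notBefore")
    if end <= now:
        problems.append("end date is already in the past")
    elif end - now < min_remaining:
        problems.append(f"credential expires in {(end - now).days} days; rotate the certificate")
    return problems


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print("end_date =", end_date_from(SAMPLE_ATTRIBUTES))
    for problem in check_end_date(SAMPLE_ATTRIBUTES, end_date_from(SAMPLE_ATTRIBUTES), now):
        print("WARN:", problem)
```
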
@njuCZ

njuCZ commented Jun 18, 2020

@MattMencel I have submitted a PR to add this export field for azurerm_key_vault_certificate. As for azuread_service_principal_certificate, would you mind opening an issue in the azuread repo?

@ghost

ghost commented Jul 3, 2020

This has been released in version 2.17.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.17.0"
}
# ... other configuration ...

@ghost

ghost commented Jul 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Jul 31, 2020