From 6579dccbc1ff874b300dc3b7d411208f529675cc Mon Sep 17 00:00:00 2001
From: elena
Date: Tue, 28 Jun 2022 16:56:41 +0800
Subject: [PATCH] fix issue 17168

---
 .../key_vault_certificate_resource.go | 56 ++++++++++++-------
 1 file changed, 35 insertions(+), 21 deletions(-)

diff --git a/internal/services/keyvault/key_vault_certificate_resource.go b/internal/services/keyvault/key_vault_certificate_resource.go
index 9bd94e2ebead..469340004f32 100644
--- a/internal/services/keyvault/key_vault_certificate_resource.go
+++ b/internal/services/keyvault/key_vault_certificate_resource.go
@@ -461,8 +461,14 @@ func resourceKeyVaultCertificateCreate(d *pluginsdk.ResourceData, meta interface
 CertificatePolicy: policy,
 Tags: tags.Expand(t),
 }
- if _, err := client.ImportCertificate(ctx, *keyVaultBaseUrl, name, importParameters); err != nil {
- return err
+ if resp, err := client.ImportCertificate(ctx, *keyVaultBaseUrl, name, importParameters); err != nil {
+ if meta.(*clients.Client).Features.KeyVault.RecoverSoftDeletedCerts && utils.ResponseWasConflict(resp.Response) {
+ if err = recoverDeletedCertificate(ctx, d, meta, *keyVaultBaseUrl, name); err != nil {
+ return err
+ }
+ } else {
+ return err
+ }
 }
 } else {
 // Generate new
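Review bot: In the import branch, a conflict response from `ImportCertificate` now leads to `recoverDeletedCertificate` and then continues as if the import had succeeded, but nothing visible in this hunk imports the configured certificate afterwards. Unless code further down `resourceKeyVaultCertificateCreate` (outside the hunk) re-applies it, the vault would end up serving the previously soft-deleted certificate and private key under this name instead of the material in the configuration, which can quietly bring retired key material back into use. After a successful recovery, repeat the import: `if _, err := client.ImportCertificate(ctx, *keyVaultBaseUrl, name, importParameters); err != nil { return err }`. The generate branch in the next hunk has the same recover-and-continue shape around `CreateCertificate`, so the requested policy may likewise not be applied to the recovered certificate.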
@@ -472,27 +478,9 @@ func resourceKeyVaultCertificateCreate(d *pluginsdk.ResourceData, meta interface
 }
 if resp, err := client.CreateCertificate(ctx, *keyVaultBaseUrl, name, parameters); err != nil {
 if meta.(*clients.Client).Features.KeyVault.RecoverSoftDeletedCerts && utils.ResponseWasConflict(resp.Response) {
- recoveredCertificate, err := client.RecoverDeletedCertificate(ctx, *keyVaultBaseUrl, name)
- if err != nil {
+ if err = recoverDeletedCertificate(ctx, d, meta, *keyVaultBaseUrl, name); err != nil {
 return err
 }
- log.Printf("[DEBUG] Recovering Secret %q with ID: %q", name, *recoveredCertificate.ID)
- if certificate := recoveredCertificate.ID; certificate != nil {
- stateConf := &pluginsdk.StateChangeConf{
- Pending: []string{"pending"},
- Target: []string{"available"},
- Refresh: keyVaultChildItemRefreshFunc(*certificate),
- Delay: 30 * time.Second,
- PollInterval: 10 * time.Second,
- ContinuousTargetOccurence: 10,
- Timeout: d.Timeout(pluginsdk.TimeoutCreate),
- }
-
- if _, err := stateConf.WaitForStateContext(ctx); err != nil {
- return fmt.Errorf("waiting for Key Vault Secret %q to become available: %s", name, err)
- }
- log.Printf("[DEBUG] Secret %q recovered with ID: %q", name, *recoveredCertificate.ID)
- }
 } else {
 return err
 }
@@ -529,6 +517,32 @@ func resourceKeyVaultCertificateCreate(d *pluginsdk.ResourceData, meta interface
 return resourceKeyVaultCertificateRead(d, meta)
 }

+func recoverDeletedCertificate(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}, keyVaultBaseUrl string, name string) error {
+ client := meta.(*clients.Client).KeyVault.ManagementClient
+ recoveredCertificate, err := client.RecoverDeletedCertificate(ctx, keyVaultBaseUrl, name)
+ if err != nil {
+ return err
+ }
+ log.Printf("[DEBUG] Recovering Secret %q with ID: %q", name, *recoveredCertificate.ID)
+ if certificate := recoveredCertificate.ID; certificate != nil {
+ stateConf := &pluginsdk.StateChangeConf{
+ Pending: []string{"pending"},
+ Target: []string{"available"},
+ Refresh: keyVaultChildItemRefreshFunc(*certificate),
+ Delay: 30 * time.Second,
+ PollInterval: 10 * time.Second,
+ ContinuousTargetOccurence: 10,
+ Timeout: d.Timeout(pluginsdk.TimeoutCreate),
+ }
+
+ if _, err := stateConf.WaitForStateContext(ctx); err != nil {
+ return fmt.Errorf("waiting for Key Vault Secret %q to become available: %s", name, err)
+ }
+ log.Printf("[DEBUG] Secret %q recovered with ID: %q", name, *recoveredCertificate.ID)
+ }
+ return nil
+}
+
 func resourceKeyVaultCertificateUpdate(d *schema.ResourceData, meta interface{}) error {
 client := meta.(*clients.Client).KeyVault.ManagementClient
 ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d)
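Review bot: `recoverDeletedCertificate` dereferences `*recoveredCertificate.ID` in its first `log.Printf` before the `certificate != nil` check on the following line, so a recovery response without an ID would panic the provider instead of returning an error. Move that log call inside the `if` and use the checked pointer: `log.Printf("[DEBUG] Recovering Certificate %q with ID: %q", name, *certificate)`. The log and error strings still say "Secret" although this helper recovers a certificate, which misleads anyone correlating debug output with vault activity. The wait error would also keep its cause inspectable for callers if it wrapped with `%w` rather than `%s`.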