azurerm_key_vault_*: fall back to vault_uri for resources created prior to 1.22 #2874

Merged
merged 4 commits into from
Feb 12, 2019
Merged
5 changes: 4 additions & 1 deletion azurerm/data_source_key_vault_key.go
Expand Up @@ -102,7 +102,10 @@ func dataSourceArmKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) erro
} else {
id, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, keyVaultBaseUri)
if err != nil {
return fmt.Errorf("Error unable to find key vault ID from URL %q for certificate %q: %+v", keyVaultBaseUri, name, err)
return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", keyVaultBaseUri, err)
}
if id == nil {
return fmt.Errorf("Unable to locate the Resource ID for the Key Vault at URL %q: %s", keyVaultBaseUri, err)
}
d.Set("key_vault_id", id)
}
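Review bot: The new `if id == nil` branch formats `err` with `%s`, but `err` is necessarily nil on that path because the preceding `if err != nil` already returned, so the message ends in `%!s(<nil>)`; drop the verb and the argument: `return fmt.Errorf("Unable to locate the Resource ID for the Key Vault at URL %q", keyVaultBaseUri)`. The same pattern appears in the data_source_key_vault_secret.go hunk and in the importer hunk of resource_arm_key_vault_certificate.go, while the Delete hunk of that file already uses the argument-free form. The "retrieving" message on the line above also reads `the Resource ID the Key Vault`, missing `for`. dataSourceArmKeyVaultKeyRead starts and ends outside the hunk.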
6 changes: 5 additions & 1 deletion azurerm/data_source_key_vault_secret.go
Expand Up @@ -86,8 +86,12 @@ func dataSourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) e
} else {
id, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, keyVaultBaseUri)
if err != nil {
return fmt.Errorf("Error unable to find key vault ID from URL %q for certificate %q: %+v", keyVaultBaseUri, name, err)
return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", keyVaultBaseUri, err)
}
if id == nil {
return fmt.Errorf("Unable to locate the Resource ID for the Key Vault at URL %q: %s", keyVaultBaseUri, err)
}

d.Set("key_vault_id", id)
}

17 changes: 8 additions & 9 deletions azurerm/helpers/azure/key_vault.go
Expand Up @@ -41,17 +41,16 @@ func GetKeyVaultBaseUrlFromID(ctx context.Context, client keyvault.VaultsClient,
return *resp.Properties.VaultURI, nil
}

func GetKeyVaultIDFromBaseUrl(ctx context.Context, client keyvault.VaultsClient, keyVaultUrl string) (string, error) {

func GetKeyVaultIDFromBaseUrl(ctx context.Context, client keyvault.VaultsClient, keyVaultUrl string) (*string, error) {
list, err := client.ListComplete(ctx, utils.Int32(1000))
if err != nil {
return "", fmt.Errorf("Error GetKeyVaultId unable to list Key Vaults %v", err)
return nil, fmt.Errorf("Error GetKeyVaultId unable to list Key Vaults %v", err)
}

for list.NotDone() {
v := list.Value()
if v.ID == nil {
log.Printf("[DEBUG]GetKeyVaultId: v.ID was nil, continuing")
log.Printf("[DEBUG] GetKeyVaultId: v.ID was nil, continuing")
continue
}

Expand All @@ -76,16 +75,16 @@ func GetKeyVaultIDFromBaseUrl(ctx context.Context, client keyvault.VaultsClient,
}

if keyVaultUrl == *get.Properties.VaultURI {
return *get.ID, nil
return get.ID, nil
}

e := list.NextWithContext(ctx)
if e != nil {
return "", fmt.Errorf("Error GetKeyVaultId: Error getting next value on KeyVault %q (Resource Group %q): %+v", name, resourceGroup, err)
if e := list.NextWithContext(ctx); e != nil {
return nil, fmt.Errorf("Error GetKeyVaultId: Error getting next value on KeyVault %q (Resource Group %q): %+v", name, resourceGroup, err)
}
}

return "", fmt.Errorf("Error GetKeyVaultId unable to find Key Vault with url %q", keyVaultUrl)
// we haven't found it, but Data Sources and Resources need to handle this error separately
return nil, nil
}

func KeyVaultExists(ctx context.Context, client keyvault.VaultsClient, keyVaultId string) (bool, error) {
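Review bot: The rewritten `if e := list.NextWithContext(ctx); e != nil` still formats `err` rather than `e`, and `err` is nil by that point (the ListComplete failure path returned earlier), so a paging failure is reported as `<nil>`; the message argument should be `e`. In the first hunk, the `continue` after the nil-ID debug log skips the `NextWithContext` call at the bottom of the loop, so a vault entry with a nil ID looks like it would leave `list.NotDone()` on the same element indefinitely — the iterator should be advanced before continuing (this predates the commit, but the line was touched). The new `nil, nil` not-found result is a reasonable sentinel but the function has no doc comment describing it; suggest `// GetKeyVaultIDFromBaseUrl returns the Resource ID of the Key Vault whose VaultURI equals keyVaultUrl, or (nil, nil) when no vault visible to the client matches.` `name` and `resourceGroup` used in the error message are defined outside the visible lines.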
2 changes: 1 addition & 1 deletion azurerm/resource_arm_key_vault_access_policy.go
Expand Up @@ -217,7 +217,7 @@ func resourceArmKeyVaultAccessPolicyCreateOrDelete(d *schema.ResourceData, meta
if applicationIdRaw != "" {
applicationId, err2 := uuid.FromString(applicationIdRaw)
if err2 != nil {
return fmt.Errorf("Error parsing Appliciation ID %q as a UUID: %+v", applicationIdRaw, err2)
return fmt.Errorf("Error parsing Application ID %q as a UUID: %+v", applicationIdRaw, err2)
}

accessPolicy.ApplicationID = &applicationId
51 changes: 51 additions & 0 deletions azurerm/resource_arm_key_vault_access_policy_test.go
Expand Up @@ -38,6 +38,34 @@ func TestAccAzureRMKeyVaultAccessPolicy_basic(t *testing.T) {
})
}

func TestAccAzureRMKeyVaultAccessPolicy_basicClassic(t *testing.T) {
resourceName := "azurerm_key_vault_access_policy.test"
rs := acctest.RandString(6)
config := testAccAzureRMKeyVaultAccessPolicy_basicClassic(rs, testLocation())

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMKeyVaultDestroy,
Steps: []resource.TestStep{
{
Config: config,
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMKeyVaultAccessPolicyExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "key_permissions.0", "get"),
resource.TestCheckResourceAttr(resourceName, "secret_permissions.0", "get"),
resource.TestCheckResourceAttr(resourceName, "secret_permissions.1", "set"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAzureRMKeyVaultAccessPolicy_requiresImport(t *testing.T) {
if !requireResourcesToBeImported {
t.Skip("Skipping since resources aren't required to be imported")
Expand Down Expand Up @@ -213,6 +241,29 @@ resource "azurerm_key_vault_access_policy" "test" {
`, template)
}

func testAccAzureRMKeyVaultAccessPolicy_basicClassic(rString string, location string) string {
template := testAccAzureRMKeyVaultAccessPolicy_template(rString, location)
return fmt.Sprintf(`
%s

resource "azurerm_key_vault_access_policy" "test" {
vault_uri = "${azurerm_key_vault.test.vault_uri}"

key_permissions = [
"get",
]

secret_permissions = [
"get",
"set",
]

tenant_id = "${data.azurerm_client_config.current.tenant_id}"
object_id = "${data.azurerm_client_config.current.service_principal_object_id}"
}
`, template)
}

func testAccAzureRMKeyVaultAccessPolicy_requiresImport(rString string, location string) string {
template := testAccAzureRMKeyVaultAccessPolicy_basic(rString, location)
return fmt.Sprintf(`
40 changes: 31 additions & 9 deletions azurerm/resource_arm_key_vault_certificate.go
Expand Up @@ -31,8 +31,12 @@ func resourceArmKeyVaultChildResourceImporter(d *schema.ResourceData, meta inter

kvid, err := azure.GetKeyVaultIDFromBaseUrl(ctx, client, id.KeyVaultBaseUrl)
if err != nil {
return []*schema.ResourceData{d}, fmt.Errorf("Error unable to find key vault ID from URL %q for certificate %q: %+v", id.KeyVaultBaseUrl, id.Name, err)
return []*schema.ResourceData{d}, fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err)
}
if id == nil {
return []*schema.ResourceData{d}, fmt.Errorf("Unable to locate the Resource ID for the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err)
}

d.Set("key_vault_id", kvid)

return []*schema.ResourceData{d}, nil
Expand Down Expand Up @@ -435,21 +439,31 @@ func keyVaultCertificateCreationRefreshFunc(ctx context.Context, client keyvault
}

func resourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}) error {
keyVaultClient := meta.(*ArmClient).keyVaultClient
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

keyVaultId := d.Get("key_vault_id").(string)
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}

ok, err := azure.KeyVaultExists(ctx, meta.(*ArmClient).keyVaultClient, keyVaultId)
keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl)
if err != nil {
return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err)
}
if keyVaultId == nil {
log.Printf("[DEBUG] Unable to determine the Resource ID for the Key Vault at URL %q - removing from state!", id.KeyVaultBaseUrl)
d.SetId("")
return nil
}

ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId)
if err != nil {
return fmt.Errorf("Error checking if key vault %q for Certificate %q in Vault at url %q exists: %v", keyVaultId, id.Name, id.KeyVaultBaseUrl, err)
return fmt.Errorf("Error checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err)
}
if !ok {
log.Printf("[DEBUG] Certificate %q Key Vault %q was not found in Key Vault at URI %q - removing from state", id.Name, keyVaultId, id.KeyVaultBaseUrl)
log.Printf("[DEBUG] Certificate %q Key Vault %q was not found in Key Vault at URI %q - removing from state", id.Name, *keyVaultId, id.KeyVaultBaseUrl)
d.SetId("")
return nil
}
Expand Down Expand Up @@ -495,21 +509,29 @@ func resourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}
}

func resourceArmKeyVaultCertificateDelete(d *schema.ResourceData, meta interface{}) error {
keyVaultClient := meta.(*ArmClient).keyVaultClient
client := meta.(*ArmClient).keyVaultManagementClient
ctx := meta.(*ArmClient).StopContext

keyVaultId := d.Get("key_vault_id").(string)
id, err := azure.ParseKeyVaultChildID(d.Id())
if err != nil {
return err
}

ok, err := azure.KeyVaultExists(ctx, meta.(*ArmClient).keyVaultClient, keyVaultId)
keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl)
if err != nil {
return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err)
}
if keyVaultId == nil {
return fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", id.KeyVaultBaseUrl)
}

ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId)
if err != nil {
return fmt.Errorf("Error checking if key vault %q for Certificate %q in Vault at url %q exists: %v", keyVaultId, id.Name, id.KeyVaultBaseUrl, err)
return fmt.Errorf("Error checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err)
}
if !ok {
log.Printf("[DEBUG] Certificate %q Key Vault %q was not found in Key Vault at URI %q - removing from state", id.Name, keyVaultId, id.KeyVaultBaseUrl)
log.Printf("[DEBUG] Certificate %q Key Vault %q was not found in Key Vault at URI %q - removing from state", id.Name, *keyVaultId, id.KeyVaultBaseUrl)
d.SetId("")
return nil
}
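Review bot: In the importer hunk the added nil check tests `id` — the parsed child ID, which `id.KeyVaultBaseUrl` on the same lines already dereferences — instead of `kvid`, the `*string` returned by `GetKeyVaultIDFromBaseUrl`, so the not-found case falls through to `d.Set("key_vault_id", kvid)` with a nil pointer; change it to `if kvid == nil {` and drop the `%s`/`err` from that message, since `err` is nil on that path. In the Read hunk the same lookup now runs on every refresh; from the helper's hunk it appears to list the subscription's vaults and fetch each candidate until the URI matches, so refresh cost and the permissions it needs scale with the number of vaults the caller can see rather than with this resource — worth a comment on the call, or a lookup cached by base URL. resourceArmKeyVaultChildResourceImporter starts outside the hunk.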
95 changes: 95 additions & 0 deletions azurerm/resource_arm_key_vault_certificate_test.go
Expand Up @@ -40,6 +40,33 @@ func TestAccAzureRMKeyVaultCertificate_basicImportPFX(t *testing.T) {
})
}

func TestAccAzureRMKeyVaultCertificate_basicImportPFXClassic(t *testing.T) {
resourceName := "azurerm_key_vault_certificate.test"
rs := acctest.RandString(6)
config := testAccAzureRMKeyVaultCertificate_basicImportPFXClassic(rs, testLocation())

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMKeyVaultCertificateDestroy,
Steps: []resource.TestStep{
{
Config: config,
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMKeyVaultCertificateExists(resourceName),
resource.TestCheckResourceAttrSet(resourceName, "certificate_data"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"certificate"},
},
},
})
}

func TestAccAzureRMKeyVaultCertificate_requiresImport(t *testing.T) {
if !requireResourcesToBeImported {
t.Skip("Skipping since resources aren't required to be imported")
Expand Down Expand Up @@ -395,6 +422,74 @@ resource "azurerm_key_vault_certificate" "test" {
`, rString, location, rString, rString)
}

func testAccAzureRMKeyVaultCertificate_basicImportPFXClassic(rString string, location string) string {
return fmt.Sprintf(`
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "test" {
name = "acctestRG-%s"
location = "%s"
}

resource "azurerm_key_vault" "test" {
name = "acctestkeyvault%s"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
tenant_id = "${data.azurerm_client_config.current.tenant_id}"

sku {
name = "standard"
}

access_policy {
tenant_id = "${data.azurerm_client_config.current.tenant_id}"
object_id = "${data.azurerm_client_config.current.service_principal_object_id}"

certificate_permissions = [
"delete",
"import",
"get",
]

key_permissions = [
"create",
]

secret_permissions = [
"set",
]
}
}

resource "azurerm_key_vault_certificate" "test" {
name = "acctestcert%s"
vault_uri = "${azurerm_key_vault.test.vault_uri}"

certificate {
contents = "${base64encode(file("testdata/keyvaultcert.pfx"))}"
password = ""
}

certificate_policy {
issuer_parameters {
name = "Self"
}

key_properties {
exportable = true
key_size = 2048
key_type = "RSA"
reuse_key = false
}

secret_properties {
content_type = "application/x-pkcs12"
}
}
}
`, rString, location, rString, rString)
}

func testAccAzureRMKeyVaultCertificate_requiresImport(rString string, location string) string {
template := testAccAzureRMKeyVaultCertificate_basicImportPFX(rString, location)
return fmt.Sprintf(`