diff --git a/azurerm/resource_arm_key_vault_access_policy_test.go b/azurerm/resource_arm_key_vault_access_policy_test.go index 56f27b177249..eaf01bda0512 100644 --- a/azurerm/resource_arm_key_vault_access_policy_test.go +++ b/azurerm/resource_arm_key_vault_access_policy_test.go @@ -38,6 +38,34 @@ func TestAccAzureRMKeyVaultAccessPolicy_basic(t *testing.T) { }) } +func TestAccAzureRMKeyVaultAccessPolicy_basicClassic(t *testing.T) { + resourceName := "azurerm_key_vault_access_policy.test" + rs := acctest.RandString(6) + config := testAccAzureRMKeyVaultAccessPolicy_basicClassic(rs, testLocation()) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMKeyVaultDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMKeyVaultAccessPolicyExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "key_permissions.0", "get"), + resource.TestCheckResourceAttr(resourceName, "secret_permissions.0", "get"), + resource.TestCheckResourceAttr(resourceName, "secret_permissions.1", "set"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccAzureRMKeyVaultAccessPolicy_requiresImport(t *testing.T) { if !requireResourcesToBeImported { t.Skip("Skipping since resources aren't required to be imported") @@ -213,6 +241,29 @@ resource "azurerm_key_vault_access_policy" "test" { `, template) } +func testAccAzureRMKeyVaultAccessPolicy_basicClassic(rString string, location string) string { + template := testAccAzureRMKeyVaultAccessPolicy_template(rString, location) + return fmt.Sprintf(` +%s + +resource "azurerm_key_vault_access_policy" "test" { + vault_uri = "${azurerm_key_vault.test.vault_uri}" + + key_permissions = [ + "get", + ] + + secret_permissions = [ + "get", + "set", + ] + + tenant_id = "${data.azurerm_client_config.current.tenant_id}" + object_id = "${data.azurerm_client_config.current.service_principal_object_id}" +} +`, template) +} + func testAccAzureRMKeyVaultAccessPolicy_requiresImport(rString string, location string) string { template := testAccAzureRMKeyVaultAccessPolicy_basic(rString, location) return fmt.Sprintf(` diff --git a/azurerm/resource_arm_key_vault_certificate_test.go b/azurerm/resource_arm_key_vault_certificate_test.go index f1f64a025163..7b650ef47fbd 100644 --- a/azurerm/resource_arm_key_vault_certificate_test.go +++ b/azurerm/resource_arm_key_vault_certificate_test.go @@ -40,6 +40,33 @@ func TestAccAzureRMKeyVaultCertificate_basicImportPFX(t *testing.T) { }) } +func TestAccAzureRMKeyVaultCertificate_basicImportPFXClassic(t *testing.T) { + resourceName := "azurerm_key_vault_certificate.test" + rs := acctest.RandString(6) + config := testAccAzureRMKeyVaultCertificate_basicImportPFXClassic(rs, testLocation()) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMKeyVaultCertificateDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMKeyVaultCertificateExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "certificate_data"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"certificate"}, + }, + }, + }) +} + func TestAccAzureRMKeyVaultCertificate_requiresImport(t *testing.T) { if !requireResourcesToBeImported { t.Skip("Skipping since resources aren't required to be imported") @@ -395,6 +422,74 @@ resource "azurerm_key_vault_certificate" "test" { `, rString, location, rString, rString) } +func testAccAzureRMKeyVaultCertificate_basicImportPFXClassic(rString string, location string) string { + return fmt.Sprintf(` +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%s" + location = "%s" +} + +resource "azurerm_key_vault" "test" { + name = "acctestkeyvault%s" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + tenant_id = "${data.azurerm_client_config.current.tenant_id}" + + sku { + name = "standard" + } + + access_policy { + tenant_id = "${data.azurerm_client_config.current.tenant_id}" + object_id = "${data.azurerm_client_config.current.service_principal_object_id}" + + certificate_permissions = [ + "delete", + "import", + "get", + ] + + key_permissions = [ + "create", + ] + + secret_permissions = [ + "set", + ] + } +} + +resource "azurerm_key_vault_certificate" "test" { + name = "acctestcert%s" + vault_uri = "${azurerm_key_vault.test.vault_uri}" + + certificate { + contents = "${base64encode(file("testdata/keyvaultcert.pfx"))}" + password = "" + } + + certificate_policy { + issuer_parameters { + name = "Self" + } + + key_properties { + exportable = true + key_size = 2048 + key_type = "RSA" + reuse_key = false + } + + secret_properties { + content_type = "application/x-pkcs12" + } + } +} +`, rString, location, rString, rString) +} + func testAccAzureRMKeyVaultCertificate_requiresImport(rString string, location string) string { template := testAccAzureRMKeyVaultCertificate_basicImportPFX(rString, location) return fmt.Sprintf(` diff --git a/azurerm/resource_arm_key_vault_key_test.go b/azurerm/resource_arm_key_vault_key_test.go index daa2579cec70..6d8266683ff6 100644 --- a/azurerm/resource_arm_key_vault_key_test.go +++ b/azurerm/resource_arm_key_vault_key_test.go @@ -39,6 +39,32 @@ func TestAccAzureRMKeyVaultKey_basicEC(t *testing.T) { }) } +func TestAccAzureRMKeyVaultKey_basicECClassic(t *testing.T) { + resourceName := "azurerm_key_vault_key.test" + rs := acctest.RandString(6) + config := testAccAzureRMKeyVaultKey_basicECClassic(rs, testLocation()) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMKeyVaultKeyDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMKeyVaultKeyExists(resourceName), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"key_size"}, + }, + }, + }) +} + func TestAccAzureRMKeyVaultKey_requiresImport(t *testing.T) { if !requireResourcesToBeImported { t.Skip("Skipping since resources aren't required to be imported") @@ -373,9 +399,64 @@ resource "azurerm_key_vault" "test" { } } +resource "azurerm_key_vault_key" "test" { + name = "key-%s" + key_vault_id = "${azurerm_key_vault.test.id}" + key_type = "EC" + key_size = 2048 + + key_opts = [ + "sign", + "verify", + ] +} +`, rString, location, rString, rString) +} + +func testAccAzureRMKeyVaultKey_basicECClassic(rString string, location string) string { + return fmt.Sprintf(` +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%s" + location = "%s" +} + +resource "azurerm_key_vault" "test" { + name = "acctestkv-%s" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + tenant_id = "${data.azurerm_client_config.current.tenant_id}" + + sku { + name = "premium" + } + + access_policy { + tenant_id = "${data.azurerm_client_config.current.tenant_id}" + object_id = "${data.azurerm_client_config.current.service_principal_object_id}" + + key_permissions = [ + "create", + "delete", + "get", + ] + + secret_permissions = [ + "get", + "delete", + "set", + ] + } + + tags { + environment = "Production" + } +} + resource "azurerm_key_vault_key" "test" { name = "key-%s" - key_vault_id = "${azurerm_key_vault.test.id}" + vault_uri = "${azurerm_key_vault.test.vault_uri}" key_type = "EC" key_size = 2048 diff --git a/azurerm/resource_arm_key_vault_secret_test.go b/azurerm/resource_arm_key_vault_secret_test.go index f6b33121cceb..519d8bbd5312 100644 --- a/azurerm/resource_arm_key_vault_secret_test.go +++ b/azurerm/resource_arm_key_vault_secret_test.go @@ -39,6 +39,32 @@ func TestAccAzureRMKeyVaultSecret_basic(t *testing.T) { }) } +func TestAccAzureRMKeyVaultSecret_basicClassic(t *testing.T) { + resourceName := "azurerm_key_vault_secret.test" + rs := acctest.RandString(6) + config := testAccAzureRMKeyVaultSecret_basicClasic(rs, testLocation()) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMKeyVaultSecretDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMKeyVaultSecretExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "value", "rick-and-morty"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccAzureRMKeyVaultSecret_requiresImport(t *testing.T) { if !requireResourcesToBeImported { t.Skip("Skipping since resources aren't required to be imported") @@ -324,6 +350,53 @@ resource "azurerm_key_vault_secret" "test" { `, rString, location, rString, rString) } +func testAccAzureRMKeyVaultSecret_basicClassic(rString string, location string) string { + return fmt.Sprintf(` +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%s" + location = "%s" +} + +resource "azurerm_key_vault" "test" { + name = "acctestkv-%s" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + tenant_id = "${data.azurerm_client_config.current.tenant_id}" + + sku { + name = "premium" + } + + access_policy { + tenant_id = "${data.azurerm_client_config.current.tenant_id}" + object_id = "${data.azurerm_client_config.current.service_principal_object_id}" + + key_permissions = [ + "get", + ] + + secret_permissions = [ + "get", + "delete", + "set", + ] + } + + tags { + environment = "Production" + } +} + +resource "azurerm_key_vault_secret" "test" { + name = "secret-%s" + value = "rick-and-morty" + vault_uri = "${azurerm_key_vault.test.vault_uri}" +} +`, rString, location, rString, rString) +} + func testAccAzureRMKeyVaultSecret_requiresImport(rString string, location string) string { template := testAccAzureRMKeyVaultSecret_basic(rString, location) return fmt.Sprintf(`