From e1062f5d267a6958708924e27470d1f9feaf2e50 Mon Sep 17 00:00:00 2001
From: Michael Gross <leachimgross@gmail.com>
Date: Wed, 25 Aug 2021 17:59:36 +0200
Subject: [PATCH] generate pfx and update firewall policy tests accordingly

---
 .../firewall/firewall_policy_resource_test.go |  27 ++--------
 internal/services/firewall/testdata/HOWTO.md  |   9 +++-
 .../services/firewall/testdata/cert_key.pem   |  50 ------------------
 .../firewall/testdata/certificate.pfx         | Bin 0 -> 2517 bytes
 4 files changed, 11 insertions(+), 75 deletions(-)
 delete mode 100644 internal/services/firewall/testdata/cert_key.pem
 create mode 100644 internal/services/firewall/testdata/certificate.pfx

diff --git a/internal/services/firewall/firewall_policy_resource_test.go b/internal/services/firewall/firewall_policy_resource_test.go
index 944183d7e78e..5c5adafe7012 100644
--- a/internal/services/firewall/firewall_policy_resource_test.go
+++ b/internal/services/firewall/firewall_policy_resource_test.go
@@ -470,7 +470,7 @@ resource "azurerm_key_vault_certificate" "test" {
   key_vault_id = azurerm_key_vault.test.id
 
   certificate {
-    contents = filebase64("testdata/cert_key.pem")
+    contents = filebase64("testdata/certificate.pfx")
   }
 
   certificate_policy {
@@ -482,32 +482,11 @@ resource "azurerm_key_vault_certificate" "test" {
       exportable = true
       key_size   = 2048
       key_type   = "RSA"
-      reuse_key  = true
+      reuse_key  = false
     }
 
     secret_properties {
-      content_type = "application/x-pem-file"
-    }
-
-    x509_certificate_properties {
-      # Server Authentication = 1.3.6.1.5.5.7.3.1
-      # Client Authentication = 1.3.6.1.5.5.7.3.2
-      extended_key_usage = ["1.3.6.1.5.5.7.3.1"]
-      key_usage = [
-        "cRLSign",
-        "dataEncipherment",
-        "digitalSignature",
-        "keyAgreement",
-        "keyCertSign",
-        "keyEncipherment",
-      ]
-
-      subject_alternative_names {
-        dns_names = ["api.pluginsdk.io"]
-      }
-
-      subject            = "CN=api.pluginsdk.io"
-      validity_in_months = 1
+      content_type = "application/x-pkcs12"
     }
   }
 
diff --git a/internal/services/firewall/testdata/HOWTO.md b/internal/services/firewall/testdata/HOWTO.md
index 5f2a6218a43d..0ec5e949e0f9 100644
--- a/internal/services/firewall/testdata/HOWTO.md
+++ b/internal/services/firewall/testdata/HOWTO.md
@@ -1,4 +1,11 @@
-# How Key and Certificate was generated
+# How Certificates were generated
+
+## How Key and Certificate was generated
 ```bash
 openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
+```
+
+## How PFX was generated from above Key and Certificate
+```bash
+openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in cert.pem
 ```
\ No newline at end of file
diff --git a/internal/services/firewall/testdata/cert_key.pem b/internal/services/firewall/testdata/cert_key.pem
deleted file mode 100644
index d31bc9cac810..000000000000
--- a/internal/services/firewall/testdata/cert_key.pem
+++ /dev/null
@@ -1,50 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkjCCAnoCCQDY1A4aUvTZ0TANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
-Q0gxCzAJBgNVBAgMAlpIMQswCQYDVQQHDAJaSDESMBAGA1UECgwJVGVycmFmb3Jt
-MQ4wDAYDVQQLDAVBenVyZTEYMBYGA1UEAwwPd3d3LmNvbnRvc28uY29tMSMwIQYJ
-KoZIhvcNAQkBFhR3aGF0ZXZlckBjb250b3NvLmNvbTAeFw0yMTA0MjIxOTU4MTBa
-Fw0zMTA0MjAxOTU4MTBaMIGKMQswCQYDVQQGEwJDSDELMAkGA1UECAwCWkgxCzAJ
-BgNVBAcMAlpIMRIwEAYDVQQKDAlUZXJyYWZvcm0xDjAMBgNVBAsMBUF6dXJlMRgw
-FgYDVQQDDA93d3cuY29udG9zby5jb20xIzAhBgkqhkiG9w0BCQEWFHdoYXRldmVy
-QGNvbnRvc28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5rx3
-fTN0UUV1ktetzM2AEIJ4ZKQlibrLtVORPX2LQp2Vl/n74DPD2Re/ZgO2NtjhjItY
-O65ZSqOgGz3R8ED4r12AokLCFmqhBnnr4IybeaQos7prjLKwSIyj5NbVMGuzNO6P
-55W1zTMfV+CstbCtXtRPa7zizXjYbT3dfpw8FgJLh9sVWaiCO34Nu9PWF9NRIlzI
-e/Ek3ss/JnNqskH+xnxgxq68slaZa4qojBjiLl/IdIs4A9DtyJnFd99xuh8nShMg
-4ykccPr9/+YBaz8/Ef7/zmXj3g9DLTrIa7JV6s80V5oVINaF7KXu9jmjD+a03SsR
-/8eKX6K+xDBtqxpz8wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAOGe2knCVxje06
-ihfhzprg7lTM7GCgiXqa4fdCVwq0hJAYpMg29F7Df3OE/zVD/mzdRWZe2yVTY47f
-YFEfDKMmkGepgqICs0wTfhBSham8vkk2yDcoT01Lar+Im3GToP3JSM5YFbqxam0R
-/AVskE5aHQ+tIGUwcuwWhjjKQuWua59tI0USjgGaK3cZ5tyFOQPcE3ZFzndWM3Rz
-ojNHH5UJOT7zt4RebBzGRpcNdrbkOtVkRVZIwH0wJfm44zR+L36UhpXUd8XGKvua
-KFlqJhw/8UtYzXXX5bwHb/JTkOLUbs8gobG23lFhxXG5QhqtwqYnHXRw9Jhclv8p
-weEgmhnj
------END CERTIFICATE-----
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDmvHd9M3RRRXWS
-163MzYAQgnhkpCWJusu1U5E9fYtCnZWX+fvgM8PZF79mA7Y22OGMi1g7rllKo6Ab
-PdHwQPivXYCiQsIWaqEGeevgjJt5pCizumuMsrBIjKPk1tUwa7M07o/nlbXNMx9X
-4Ky1sK1e1E9rvOLNeNhtPd1+nDwWAkuH2xVZqII7fg2709YX01EiXMh78STeyz8m
-c2qyQf7GfGDGrryyVplriqiMGOIuX8h0izgD0O3ImcV333G6HydKEyDjKRxw+v3/
-5gFrPz8R/v/OZePeD0MtOshrslXqzzRXmhUg1oXspe72OaMP5rTdKxH/x4pfor7E
-MG2rGnPzAgMBAAECggEAAXJvIWbgNN5FpX0axu0G/5OB48evwJReUK3MfGE8LVfF
-p2VW8goBEWx3s9EUJHXpvDLng8BNKQ2rpGAX3/TYWmkwtFPM2c0jY2ICW68mDnY8
-Fxx1LjW0q0/Oe1HpllsmjY9tcZtbv4SxjqCHFMCd5blZIijWF0nJua2opPGf4tdv
-yvN/D9HYPdRlynj6SjUij0rR2PFN134LLaKhRrAsaeKHqSk+Pngxt6HStRLPSnN+
-dqk+6rA0fJ97YXeiNRjYfRbJEMOedJFW5wavddIXkNzI/3iwrDc5P0A+9X+SbIGm
-6BlKNy6EbFtEsbsbdcefZaVuaRXEVNsiRXBoUHjkYQKBgQD7yZWZDPr0JWtL+Mav
-dewbQUd8xVMzAc9r2mjRCNJi5qanQRDNIDhkYkNVrpBnsKpCe8cDRb3SaawTqYEv
-ASCPGOU92ooQ1AMKMwETaCsrSDAEwpS6NdCSuYZbu6yGqWc8/v4Oi8ZAv10I1TJP
-2WaG2PkvfOpsvXs8ixQWZ4f5QwKBgQDqmLgV86pnDFUEfW8W8f0n6PG0gPSofcF7
-DKDEcRj3ZmkBWDUKiICBInrPgQaxw5rLA4lL1GwRgxMQg51fit52mQcsMK56/aQx
-3BmSIoA3Uf+mzHp+bSL+o1vYmoOtklUF09DGIf+y4XyQy9GjojSzxCVkXqBwFldj
-9+jL0NXXkQKBgECyo8YYF8P0eYWj/ynG20yFkaD181L//BRyosxTv/u52MjRZ0fO
-J69jsHmryV9bfeRnedPVb9lJXfYPcCpr17ntY7ppFWENmVpdkMEz2yPcALq4ZQ8U
-FOwez+9yYfqYPPbnbtC+CctJYNaMMcliy32K8zzIlFQsvCXqdtbq832RAoGAAtPw
-dCNJzJAzfihc7HPiT1bZgwmC6X0Klgci8PtEB8duQJvll8jpc6UMwe+WOxJWjVfv
-kcBvxQ5Fbo+HmB0+bUOO+JNlpwnjrs4uaLqNvRz57fLNDzUVlOg3NTc3myIGcFmL
-TLggMvHQ5JXwYv6TkA8vPDR/zpoWV5gncD2GNmECgYEA8e9f30xeVtce5eUebRkB
-bNCxi1sApTIPq8CXRN5JzX5plFj7K1HUlgqQsIxpdWJhi8G7DMj8C4/K7V+PjCTo
-dU1ulbuFWwrIuSS3W6S1gh+eBhODfU80iO6SvSbGLiq11iRrQL/xMsCLgOExZE5d
-BXgz1uzIrvJt5jmZh6bPSYc=
------END PRIVATE KEY-----
diff --git a/internal/services/firewall/testdata/certificate.pfx b/internal/services/firewall/testdata/certificate.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..cbf0f300daebf9066003876079b8c26512e8bc7d
GIT binary patch
literal 2517
zcmY+^cQhM}8U}D9M3fYtO;fb=Luo?oR;6auu9{a=P}C)Aq-sVGYHt-IK~U-=)M)Kl
zv$Yy^QEFC0RgGA2bA9LBd%t`Cc+Y#z^PKbi`GaCX6D-WEP%J2y9VCY{!X0um1DT0f
zP&@z&iaC!lP%J?0uZo?B1^j*<U1ecrI)9h`YM7zo?418z;9_Qnf&m;){vfhzWzIci
zVc}rHU|DxaV>eLr_Ergxl&)V8db|iut?GLcW@7J{<SuE3n70nScv;N-=;i#z0Cq-4
ziLhw_thUU)P50U4pC;pPL6)TgEuE0}L>cZ6no|tQqJ58F6IV&*&3EZJCv&qHBU;Ub
ze(9B*?T|!Srn0)!cP(4bH*rlsLHB$Fzhn=`g}Mv`Jd<~Uw0Kk=rE{blJPLnMQu;#%
zJGGg+cMYy**HYU84&PT?`n9nR<PpQEeq7m!>TawO_!=Ih*VGuGvC+2K_plWDd0gwe
zv-s1(Y-RD?@;EGx^o3B8z(&^}P+)Pq)#>sCIWBhP!9U|u{pKi5^RPOFX2{ZV(LlRB
zqvMW4YVX@-xo;`$O2w1(uC_<7W-gbX2&w=d7o}@HwpIH8r*LSCH}Koo^cK2EmI(Um
zq11H&23)!ZmR)CvzEYSiXt7-B%vV2;#j!9)zAvn(AWWKLbXq+ZFO?`Y2;`TJclVLK
z6eyioR_nxJ;QafN@TBGayxqOHj{3_xK11?;K8II@_@4f~*ury(4{$?cFZQCWo;@U5
z57!v}yfYBh*!E77YkJDHsQD4MNTkWeSg0e!#-gg?HhFpMAGbh5+F0LuW;;#sVfQsR
zW>zzt-IqCJ9%-ttp(aoDZM?f~jZo|f&0Ukfq2{X9-0B>^bqg5qa{@_SnW16|Rs6=L
zYZ#WT0a1|#Zt$JQgfrD#p2&o==*=qg5;kL-ds|x{b!RoV5MEv%4qQl~-kh7}h*W2*
zVRF_$<OhY|-(fm~ABdx3m8N1*0He;7BW|y5B;;1Snw1t>Ngb(ax%dymYVVu8Yt37j
zT*(>zz-3xkgul&tq~unkS$73Cy3UJLkoIZOkb78bC^fAC{i|mvVP~G@_5qGlF>K{-
zpu((>7^`A~Lm)uAb^qC<I{x#Q?;bgx=D4LQa5vdMCu>0?q+ad$j6-#29Uk+Muk$Pw
z`kvg67m!JCx0VX>%A@sj96pIie#wcd56&!oVUh&YdJtYh7i2e9pCDd+2b4JAUDRU~
zrtD2VkHy;<35eXA<69vJ_OBv39^*%nOL~Nby)DpQ{F*7;GuQY=coPcH0<~}g*3|CX
zel167h~0%i32Qg%k6F?_LbGgRbsa+qI&`f4_AtIi-Gyk1_c-Zk+7DvH6%)Sdxa=A=
zxp*s=<soXO;=n@&%~(m3m_~h^Bn$v3y&9n?oE+-!0vOHC6fOhx3XdHOM8dpJ2jd_V
z|5>Wr$`&nYd)@>Vady3~|3+8^O8?nWPs*+Uwl;lkjs+O0F;Iz?VIv#9A1X4z{J2Lw
zQn0*z-*-4TFWJPMLce`lx=Z_8jHW3R%Le}+Ac$BtB><L9@jRA0KN<E5|KWm@ndRJ-
z?Q>A5|ECD+pNd$pa1A4FSgZc22mlKh1i#a0sVpz;XZDofiN9FSg)Oiw&ZYyA(whx0
zYBR>3M|YZp0QN)=F<x74T3kzEO=z1Or>pXj&IIAo!)_1baP_$N*J^`1)<Vg#EA=Hl
z_@ctZjF7uG?>zJS6r47lnwKvgEgu=wUmV*TI%9kvNAB#MyGBqjt!%e%f2h<mSn%9x
zVNQ83^)t&J#*CQs<mU+1mJEwkzno{bKf>9cdVTmJ$ssRqRKqfKKo#8^4_wdBUtwN$
z@^nCUP~l3gGUb&5{vO;AHCUU{z3oNPCCE&88Fs^!qHPVgH9nSvJ3B&L-0UZwNr;K|
z5Xe?tCTAmQN5XCdIjwQZw$zm$&CF}Mr@jek@Yb*CzZLf+Zn)Rv0#ugNymc9U1o=4V
zss}e*Yu9>sl$y1=oYmymt#EUQeSs9*{|TlqHG4b4>E<41X8_D<TtDGBq^?0BNjN0M
za59^t%vHBy>TArM3!sg)Q9C!jw1e_iGp>BWLTj+6-q&t7wbO95^cR~5OhIt?%K(>C
zifabbS3$-r&6Ao{BIb>u?vaPh6h!X~P7I*mh4eah4e1neIVQ)SY!lk!(VC+7U$2ZF
zIqJQB>73?bp6Q{Za16P&_i%BWcEHLO<G9Zi?3JBF&!mHO=xpf%Z|&Ow!UNfl8m&0C
z1RLYS_<RuiqLwRe!koXMH`Il)B%fJn>zThna|c$ri5BY+Uobq@x5LNAQ6u&XVWG4P
z6_3%Q`qlj~ZO}{9a(p+?WMi!vyXosH0XY*dv*;H-`qjBW8}8=Tp}i46<W6bX#e5bT
zkgln%NGCjfAWw-vQ?CTCFj@|*n*#aw-UXahR!nSE6;NNUqoTSakmAX2?d=$C+8~w4
z!PX%8;fg5Ygq&=~K@^h1Amft}p=;$vh10rq#q`@Bx~K9b<Kdq(N|zaH69^<Q>&{2;
zH{<^5l-CpuXWpiOx7c*4)HZYOvo=dar&Ma9$a1yZ*tl5FsDs@0r$$u`@H#STDos3F
z^@EUY_$<wj-wC1)Nw3Zisy=h?*O7TN*p{C1t9X_KmO?5W9Z(`!sxtIP?~WX}$xVRc
zC9WuunK$1X-McJqcFh!7S*JWw&wBirrv@*RFznNNspwMFM^sQp%gnR1LtI6er`#6G
zuw+enp{CWM(IpxNd+PfK8FiYiXopp00uUvT8m9DVO1VJCMql8ff9auiP9q9BV0~*j
ziyo%}u~=24F5PtZC(qczGeokc*+0&E#DzzVDr?-|ZI9mmUKsqolo-31Li#>+KsfFx
z^ppER!DCR62_CiaGQ%&@@APor@@uu6hC`E5w?6ZEUAplQ52DVv^465-JjLkY$<KCD
z!K*xn`aRiHRMueMq&Fb>4<R(~j0R7F2X$lqRv~$x+N9E?Wc?~JC5LUZa!(azI7C}L
zsEt_@y54uOVU6TVM9VTwm^?D1okV4e*`~=<V*^A)%sLqPQ-N~gQrbtdF=+w$8r=(F
z-2NFZgACkBStVYe9Zf3v?YQ9B?ag%+Ib|1M#$NKTSN1Y3gAqWQ=XdX1y!B5rJHP6Y
zu7PrP1<5cmQ>`$XcOzpFfo!ug65&kYwl`1E5>ZPwZk@D9nG`{|`UT<~i(t~wEC1CI
zBmffx@W1$=;h+ezY9cdai57tj!5x{NCMXOl2?epU$%9#0MA?`C{G-QWh($5lx~jv;
a#E=HyF(vve6Ts0`UQ*urv(D&GCI1CMPRSJj

literal 0
HcmV?d00001