From 524a35f97a15516e2859667a711c352166a727c2 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sat, 20 Oct 2018 22:52:51 +0200
Subject: [PATCH 01/21] azurerm_keyvault_certificate: Add subject alternative names
---
 azurerm/resource_arm_key_vault_certificate.go | 98 ++++++++++++++++++-
 1 file changed, 95 insertions(+), 3 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index c6fb7e407970..62c41009b036 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -211,6 +211,39 @@ func resourceArmKeyVaultCertificate() *schema.Resource {
 Required: true,
 ForceNew: true,
 },
+ "subject_alternative_names": {
+ Type: schema.TypeList,
+ Required: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "emails": {
+ Type: schema.TypeList,
+ Optional: true,
+ ForceNew: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "dns_names": {
+ Type: schema.TypeList,
+ Optional: true,
+ ForceNew: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "upns": {
+ Type: schema.TypeList,
+ Optional: true,
+ ForceNew: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
 "validity_in_months": {
 Type: schema.TypeInt,
 Required: true,
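Review bot: The `emails`, `dns_names` and `upns` elements in the new `subject_alternative_names` block accept any string, so an empty or whitespace-only entry passes plan and is forwarded to Key Vault as a name the certificate will assert; a `ValidateFunc` on each element, e.g. `Elem: &schema.Schema{Type: schema.TypeString, ValidateFunc: validation.NoZeroValues}`, rejects that at plan time (assuming helper/validation is imported in this file, which the hunk does not show). The block is also `Required: true` here while the documentation added later in this series describes it as optional; patch 10/21 reconciles that. resourceArmKeyVaultCertificate starts and ends outside the hunk.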
@@ -462,16 +495,58 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 keyUsage = append(keyUsage, keyvault.KeyUsageType(key.(string)))
 }
+ subjectAlternativeNames := &keyvault.SubjectAlternativeNames{}
+ if v, ok := cert["subject_alternative_names"]; ok {
+ sans := v.([]interface{})
+ san := sans[0].(map[string]interface{})
+
+ emails := san["emails"].([]interface{})
+ if len(emails) > 0 {
+ // emails := make([]string, len(e))
+ // for i, v := range e {
+ // emails[i] = fmt.Sprint(v)
+ // }
+ subjectAlternativeNames.Emails = expandKeyVaultSanProperty(emails)
+ }
+
+ dnsNames := san["dns_names"].([]interface{})
+ if len(dnsNames) > 0 {
+ // dnsNames := make([]string, len(n))
+ // for i, v := range n {
+ // dnsNames[i] = fmt.Sprint(v)
+ // }
+ subjectAlternativeNames.DNSNames = expandKeyVaultSanProperty(dnsNames)
+ }
+
+ upns := san["upns"].([]interface{})
+ if len(upns) > 0 {
+ // upns := make([]string, len(u))
+ // for i, v := range u {
+ // upns[i] = fmt.Sprint(v)
+ // }
+ subjectAlternativeNames.Upns = expandKeyVaultSanProperty(upns)
+ }
+ }
+
 policy.X509CertificateProperties = &keyvault.X509CertificateProperties{
- ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
- Subject: utils.String(cert["subject"].(string)),
- KeyUsage: &keyUsage,
+ ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
+ Subject: utils.String(cert["subject"].(string)),
+ KeyUsage: &keyUsage,
+ SubjectAlternativeNames: subjectAlternativeNames,
 }
 }
 return policy
 }
+func expandKeyVaultSanProperty(input []interface{}) *[]string {
+ properties := make([]string, len(input))
+ for i, v := range input {
+ properties[i] = fmt.Sprint(v)
+ }
+ return &properties
+}
+
 func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []interface{} {
 policy := make(map[string]interface{}, 0)
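Review bot: `subjectAlternativeNames` is allocated unconditionally, so a configuration with no `subject_alternative_names` block still sends an empty `SubjectAlternativeNames` object to Key Vault and the flatten side then reports a block the user never wrote; the `len(sanOutput) > 0` check in patch 10/21 and `Computed: true` in patch 17/21 work around that symptom. Declaring `var subjectAlternativeNames *keyvault.SubjectAlternativeNames` and allocating it only inside `if v, ok := cert["subject_alternative_names"]; ok {` addresses the cause, provided the service tolerates a nil field (not verifiable here). Separately, `expandKeyVaultSanProperty` uses `fmt.Sprint(v)`, which turns a nil list element into the literal string `"<nil>"` instead of rejecting it, and `sans[0].(map[string]interface{})` panics on an empty block; patches 16 and 19 replace and guard these respectively. expandKeyVaultCertificatePolicy begins before this hunk.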
@@ -537,10 +612,27 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 usages = append(usages, string(usage))
 }
+ sanOutput := make(map[string]interface{}, 0)
+ if san := props.SubjectAlternativeNames; san != nil {
+ if emails := san.Emails; emails != nil {
+ sanOutput["emails"] = []string(*san.Emails)
+ }
+
+ if dnsNames := san.DNSNames; dnsNames != nil {
+ sanOutput["dns_names"] = []string(*san.DNSNames)
+ }
+
+ if upns := san.Upns; upns != nil {
+ sanOutput["upns"] = []string(*san.Upns)
+ }
+ }
+
 certProps["key_usage"] = usages
 certProps["subject"] = *props.Subject
 certProps["validity_in_months"] = int(*props.ValidityInMonths)
+ certProps["subject_alternative_names"] = []interface{}{sanOutput}
+
 policy["x509_certificate_properties"] = []interface{}{certProps}
 }
From 31ed307a127003c1f33dda4c11be0f3579e1de05 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sat, 20 Oct 2018 22:53:50 +0200
Subject: [PATCH 02/21] azurerm_keyvault_certificate: update example as it is broken
---
 website/docs/r/key_vault_certificate.html.markdown | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/website/docs/r/key_vault_certificate.html.markdown b/website/docs/r/key_vault_certificate.html.markdown
index 575a44d0252c..685d0c12aa8d 100644
--- a/website/docs/r/key_vault_certificate.html.markdown
+++ b/website/docs/r/key_vault_certificate.html.markdown
@@ -114,15 +114,20 @@ resource "azurerm_key_vault" "test" {
 object_id = "${data.azurerm_client_config.current.service_principal_object_id}"
 certificate_permissions = [
- "all",
+ "create","delete","deleteissuers",
+ "get","getissuers","import","list",
+ "listissuers","managecontacts","manageissuers",
+ "setissuers","update",
 ]
 key_permissions = [
- "all",
+ "backup","create","decrypt","delete","encrypt","get",
+ "import","list","purge","recover","restore","sign",
+ "unwrapKey","update","verify","wrapKey",
 ]
 secret_permissions = [
- "all",
+ "backup","delete","get","list","purge","recover","restore","set",
 ]
 }
From c04c4a4590b5fc840aeae6daf739cab11f5db239 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sat, 20 Oct 2018 22:54:17 +0200
Subject: [PATCH 03/21] azurerm_keyvault_certificate: update documentation to add san capability
---
 website/docs/r/key_vault_certificate.html.markdown | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/website/docs/r/key_vault_certificate.html.markdown b/website/docs/r/key_vault_certificate.html.markdown
index 685d0c12aa8d..7655345c5496 100644
--- a/website/docs/r/key_vault_certificate.html.markdown
+++ b/website/docs/r/key_vault_certificate.html.markdown
@@ -176,6 +176,10 @@ resource "azurerm_key_vault_certificate" "test" {
 "keyEncipherment",
 ]
+ subject_alternative_names {
+ dns_names = ["internal.contoso.com", "domain.hello.world"]
+ }
+
 subject = "CN=hello-world"
 validity_in_months = 12
 }
@@ -246,8 +250,15 @@ The following arguments are supported:
 * `key_usage` - (Required) A list of uses associated with this Key. Possible values include `cRLSign`, `dataEncipherment`, `decipherOnly`, `digitalSignature`, `encipherOnly`, `keyAgreement`, `keyCertSign`, `keyEncipherment` and `nonRepudiation` and are case-sensitive. Changing this forces a new resource to be created.
 * `subject` - (Required) The Certificate's Subject. Changing this forces a new resource to be created.
+* `subject_alternative_names` - (Optional) A `subject_alternative_names` block as defined below.
 * `validity_in_months` - (Required) The Certificates Validity Period in Months. Changing this forces a new resource to be created.
+`subject_alternative_names` supports the following:
+
+* `dns_names` - (Optional) A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
+* `email` - (Optional) A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
+* `upns` - (Optional) A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
+
 ## Attributes Reference
From eb2533cae011895073e4c0805b806f21501d23f7 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sat, 20 Oct 2018 22:55:05 +0200
Subject: [PATCH 04/21] azurerm_keyvault_certificate: update test to deploy SANs
---
 azurerm/resource_arm_key_vault_certificate_test.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/azurerm/resource_arm_key_vault_certificate_test.go b/azurerm/resource_arm_key_vault_certificate_test.go
index 86cf2954d9e1..ed92b5de63a1 100644
--- a/azurerm/resource_arm_key_vault_certificate_test.go
+++ b/azurerm/resource_arm_key_vault_certificate_test.go
@@ -347,6 +347,11 @@ resource "azurerm_key_vault_certificate" "test" {
 ]
 subject = "CN=hello-world"
+ subject_alternative_names {
+ emails = ["mary@stu.co.uk"]
+ dns_names = ["internal.contoso.com"]
+ upns = ["john@doe.com"]
+ }
 validity_in_months = 12
 }
 }
From 9e4ee916cbf4b920dc323d858f944521d18b1cac Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sat, 20 Oct 2018 23:08:13 +0200
Subject: [PATCH 05/21] azurerm_key_vault_certificate: remove unnecessary commented code
---
 azurerm/resource_arm_key_vault_certificate.go | 12 ------------
 1 file changed, 12 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 62c41009b036..5a93e282130e 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -502,28 +502,16 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 emails := san["emails"].([]interface{})
 if len(emails) > 0 {
- // emails := make([]string, len(e))
- // for i, v := range e {
- // emails[i] = fmt.Sprint(v)
- // }
 subjectAlternativeNames.Emails = expandKeyVaultSanProperty(emails)
 }
 dnsNames := san["dns_names"].([]interface{})
 if len(dnsNames) > 0 {
- // dnsNames := make([]string, len(n))
- // for i, v := range n {
- // dnsNames[i] = fmt.Sprint(v)
- // }
 subjectAlternativeNames.DNSNames = expandKeyVaultSanProperty(dnsNames)
 }
 upns := san["upns"].([]interface{})
 if len(upns) > 0 {
- // upns := make([]string, len(u))
- // for i, v := range u {
- // upns[i] = fmt.Sprint(v)
- // }
 subjectAlternativeNames.Upns = expandKeyVaultSanProperty(upns)
 }
 }
From bcd540cdd09d80ecd32bb4cabc4ae80396883cfa Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Tue, 23 Oct 2018 00:01:53 +0200
Subject: [PATCH 06/21] Update san acceptance tests
---
 ...resource_arm_key_vault_certificate_test.go | 114 ++++++++++++++++++
 1 file changed, 114 insertions(+)
diff --git a/azurerm/resource_arm_key_vault_certificate_test.go b/azurerm/resource_arm_key_vault_certificate_test.go
index ed92b5de63a1..e2c282fbd2d8 100644
--- a/azurerm/resource_arm_key_vault_certificate_test.go
+++ b/azurerm/resource_arm_key_vault_certificate_test.go
@@ -96,6 +96,30 @@ func TestAccAzureRMKeyVaultCertificate_basicGenerate(t *testing.T) {
 })
 }
+func TestAccAzureRMKeyVaultCertificate_basicGenerateSans(t *testing.T) {
+ resourceName := "azurerm_key_vault_certificate.test"
+ rs := acctest.RandString(6)
+ config := testAccAzureRMKeyVaultCertificate_basicGenerateSans(rs, testLocation())
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKeyVaultCertificateDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKeyVaultCertificateExists(resourceName),
+ resource.TestCheckResourceAttrSet(resourceName, "certificate_data"),
+ resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.emails.0", "mary@stu.co.uk"),
+ resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.dns_names.0", "internal.contoso.com"),
+ resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.upns.0", "john@doe.com"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAzureRMKeyVaultCertificate_basicGenerateTags(t *testing.T) {
 resourceName := "azurerm_key_vault_certificate.test"
 rs := acctest.RandString(6)
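Review bot: The new acceptance test asserts that the configured names come back through the policy stored in Key Vault, but nothing checks the SAN extension of the certificate that was actually issued, so a policy that records the names while the issuer drops or rewrites them would still pass. Since `certificate_data` is already asserted to be set, a follow-up check could decode it and compare `x509.Certificate.DNSNames` and `EmailAddresses` with the configured values, assuming `certificate_data` carries the certificate itself (its format is not visible here). The attribute paths also lack the `.0` index for the single-item block; patch 7/21 corrects that. TestAccAzureRMKeyVaultCertificate_basicGenerateSans is complete within the hunk.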
@@ -306,6 +330,95 @@ resource "azurerm_key_vault" "test" {
 }
 }
+resource "azurerm_key_vault_certificate" "test" {
+ name = "acctestcert%s"
+ vault_uri = "${azurerm_key_vault.test.vault_uri}"
+
+ certificate_policy {
+ issuer_parameters {
+ name = "Self"
+ }
+
+ key_properties {
+ exportable = true
+ key_size = 2048
+ key_type = "RSA"
+ reuse_key = true
+ }
+
+ lifetime_action {
+ action {
+ action_type = "AutoRenew"
+ }
+
+ trigger {
+ days_before_expiry = 30
+ }
+ }
+
+ secret_properties {
+ content_type = "application/x-pkcs12"
+ }
+
+ x509_certificate_properties {
+ key_usage = [
+ "cRLSign",
+ "dataEncipherment",
+ "digitalSignature",
+ "keyAgreement",
+ "keyCertSign",
+ "keyEncipherment",
+ ]
+
+ subject = "CN=hello-world"
+ validity_in_months = 12
+ }
+ }
+}
+
+`, rString, location, rString, rString)
+}
+
+func testAccAzureRMKeyVaultCertificate_basicGenerateSans(rString string, location string) string {
+ return fmt.Sprintf(`
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-%s"
+ location = "%s"
+}
+
+resource "azurerm_key_vault" "test" {
+ name = "acctestkeyvault%s"
+ location = "${azurerm_resource_group.test.location}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ tenant_id = "${data.azurerm_client_config.current.tenant_id}"
+
+ sku {
+ name = "standard"
+ }
+
+ access_policy {
+ tenant_id = "${data.azurerm_client_config.current.tenant_id}"
+ object_id = "${data.azurerm_client_config.current.service_principal_object_id}"
+
+ certificate_permissions = [
+ "create",
+ "delete",
+ "get",
+ "update"
+ ]
+
+ key_permissions = [
+ "create",
+ ]
+
+ secret_permissions = [
+ "set",
+ ]
+ }
+}
+
 resource "azurerm_key_vault_certificate" "test" {
 name = "acctestcert%s"
 vault_uri = "${azurerm_key_vault.test.vault_uri}"
@@ -359,6 +472,7 @@ resource "azurerm_key_vault_certificate" "test" {
 `, rString, location, rString, rString)
 }
+
 func testAccAzureRMKeyVaultCertificate_basicGenerateTags(rString string, location string) string {
 return fmt.Sprintf(`
 data "azurerm_client_config" "current" {}
From b2c569dadc2230495180809d1e8d15d25d81d7a1 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Tue, 23 Oct 2018 00:05:07 +0200
Subject: [PATCH 07/21] Update acceptance tests
---
 azurerm/resource_arm_key_vault_certificate_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate_test.go b/azurerm/resource_arm_key_vault_certificate_test.go
index e2c282fbd2d8..4cdef4806f36 100644
--- a/azurerm/resource_arm_key_vault_certificate_test.go
+++ b/azurerm/resource_arm_key_vault_certificate_test.go
@@ -111,9 +111,9 @@ func TestAccAzureRMKeyVaultCertificate_basicGenerateSans(t *testing.T) {
 Check: resource.ComposeTestCheckFunc(
 testCheckAzureRMKeyVaultCertificateExists(resourceName),
 resource.TestCheckResourceAttrSet(resourceName, "certificate_data"),
- resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.emails.0", "mary@stu.co.uk"),
- resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.dns_names.0", "internal.contoso.com"),
- resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.upns.0", "john@doe.com"),
+ resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.0.emails.0", "mary@stu.co.uk"),
+ resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.0.dns_names.0", "internal.contoso.com"),
+ resource.TestCheckResourceAttr(resourceName, "certificate_policy.0.x509_certificate_properties.0.subject_alternative_names.0.upns.0", "john@doe.com"),
 ),
 },
 },
From bca17b80b9ec8e7dcab1a3c8aafa81a505f51e75 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Tue, 23 Oct 2018 00:13:23 +0200
Subject: [PATCH 08/21] azurerm_key_vault_certificate: documentation, changed email to emails
---
 website/docs/r/key_vault_certificate.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/docs/r/key_vault_certificate.html.markdown b/website/docs/r/key_vault_certificate.html.markdown
index 7655345c5496..3fa411c5d1f5 100644
--- a/website/docs/r/key_vault_certificate.html.markdown
+++ b/website/docs/r/key_vault_certificate.html.markdown
@@ -256,7 +256,7 @@ The following arguments are supported:
 `subject_alternative_names` supports the following:
 * `dns_names` - (Optional) A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
-* `email` - (Optional) A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
+* `emails` - (Optional) A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
 * `upns` - (Optional) A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
From 468d60d46f34a826593d7d089f5e6b9110fb0340 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Thu, 25 Oct 2018 23:37:10 +0200
Subject: [PATCH 09/21] azurerm_key_vault_certificate: fix unnecessary conversions, gofmt -s run
---
 azurerm/resource_arm_key_vault_certificate.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 57c34bba7dad..e9248ee1d94e 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -616,15 +616,15 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 sanOutput := make(map[string]interface{}, 0)
 if san := props.SubjectAlternativeNames; san != nil {
 if emails := san.Emails; emails != nil {
- sanOutput["emails"] = []string(*san.Emails)
+ sanOutput["emails"] = *san.Emails
 }
 if dnsNames := san.DNSNames; dnsNames != nil {
- sanOutput["dns_names"] = []string(*san.DNSNames)
+ sanOutput["dns_names"] = *san.DNSNames
 }
 if upns := san.Upns; upns != nil {
- sanOutput["upns"] = []string(*san.Upns)
+ sanOutput["upns"] = *san.Upns
 }
 }
From 029686fba67a16be565ea07b02b79e6ad635b662 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Fri, 26 Oct 2018 14:53:07 +0200
Subject: [PATCH 10/21] azurerm_key_vault_certificate: fix errors
- SANS: when item was undefined, it always cause a diff in the plan
- SANS: made the block optional as it should be
---
 azurerm/resource_arm_key_vault_certificate.go | 43 ++++++++++---------
 1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index e9248ee1d94e..8150e51105cf 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -222,7 +222,8 @@ func resourceArmKeyVaultCertificate() *schema.Resource {
 },
 "subject_alternative_names": {
 Type: schema.TypeList,
- Required: true,
+ Optional: true,
+ ForceNew: true,
 MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
@@ -509,22 +510,24 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 subjectAlternativeNames := &keyvault.SubjectAlternativeNames{}
 if v, ok := cert["subject_alternative_names"]; ok {
- sans := v.([]interface{})
- san := sans[0].(map[string]interface{})
- emails := san["emails"].([]interface{})
- if len(emails) > 0 {
- subjectAlternativeNames.Emails = expandKeyVaultSanProperty(emails)
- }
+ if sans := v.([]interface{}); len(sans) > 0 {
+ san := sans[0].(map[string]interface{})
- dnsNames := san["dns_names"].([]interface{})
- if len(dnsNames) > 0 {
- subjectAlternativeNames.DNSNames = expandKeyVaultSanProperty(dnsNames)
- }
+ emails := san["emails"].([]interface{})
+ if len(emails) > 0 {
+ subjectAlternativeNames.Emails = expandKeyVaultSanProperty(emails)
+ }
- upns := san["upns"].([]interface{})
- if len(upns) > 0 {
- subjectAlternativeNames.Upns = expandKeyVaultSanProperty(upns)
+ dnsNames := san["dns_names"].([]interface{})
+ if len(dnsNames) > 0 {
+ subjectAlternativeNames.DNSNames = expandKeyVaultSanProperty(dnsNames)
+ }
+
+ upns := san["upns"].([]interface{})
+ if len(upns) > 0 {
+ subjectAlternativeNames.Upns = expandKeyVaultSanProperty(upns)
+ }
 }
 }
@@ -616,15 +619,15 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 sanOutput := make(map[string]interface{}, 0)
 if san := props.SubjectAlternativeNames; san != nil {
 if emails := san.Emails; emails != nil {
- sanOutput["emails"] = *san.Emails
+ sanOutput["emails"] = *emails
 }
 if dnsNames := san.DNSNames; dnsNames != nil {
- sanOutput["dns_names"] = *san.DNSNames
+ sanOutput["dns_names"] = *dnsNames
 }
 if upns := san.Upns; upns != nil {
- sanOutput["upns"] = *san.Upns
+ sanOutput["upns"] = *upns
 }
 }
@@ -634,9 +637,9 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 if props.Ekus != nil {
 certProps["extended_key_usage"] = props.Ekus
 }
-
- certProps["subject_alternative_names"] = []interface{}{sanOutput}
-
+ if len(sanOutput) > 0 {
+ certProps["subject_alternative_names"] = []interface{}{sanOutput}
+ }
 policy["x509_certificate_properties"] = []interface{}{certProps}
 }
From 6caa2570777f172b1dbf7356470d940ae8d81703 Mon Sep 17 00:00:00 2001
From: kt
Date: Sat, 27 Oct 2018 09:07:26 -0700
Subject: [PATCH 11/21] make fmt
---
 azurerm/resource_arm_key_vault_certificate.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 8150e51105cf..d8e1d15e3b92 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -532,10 +532,10 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 }
 policy.X509CertificateProperties = &keyvault.X509CertificateProperties{
- ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
- Subject: utils.String(cert["subject"].(string)),
- KeyUsage: &keyUsage,
- Ekus: extendedKeyUsage,
+ ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
+ Subject: utils.String(cert["subject"].(string)),
+ KeyUsage: &keyUsage,
+ Ekus: extendedKeyUsage,
 SubjectAlternativeNames: subjectAlternativeNames,
 }
 }
From 786fe4b47de94231ad121d7cf56f1a9b1bb7f6bc Mon Sep 17 00:00:00 2001
From: Tom Harvey
Date: Sat, 27 Oct 2018 22:04:04 +0200
Subject: [PATCH 12/21] Update azurerm/resource_arm_key_vault_certificate.go
Co-Authored-By: draggeta
---
 azurerm/resource_arm_key_vault_certificate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index d8e1d15e3b92..ffaa7fa203de 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -616,7 +616,7 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 usages = append(usages, string(usage))
 }
- sanOutput := make(map[string]interface{}, 0)
+ sanOutputs := make([]interface{}, 0)
 if san := props.SubjectAlternativeNames; san != nil {
 if emails := san.Emails; emails != nil {
 sanOutput["emails"] = *emails
From 853c3a2ee20ca2199987f7d3722f6e28a08b8bf8 Mon Sep 17 00:00:00 2001
From: Tom Harvey
Date: Sat, 27 Oct 2018 22:04:10 +0200
Subject: [PATCH 13/21] Update azurerm/resource_arm_key_vault_certificate.go
Co-Authored-By: draggeta
---
 azurerm/resource_arm_key_vault_certificate.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index ffaa7fa203de..e30bdfd8e7f1 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -618,6 +618,7 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 sanOutputs := make([]interface{}, 0)
 if san := props.SubjectAlternativeNames; san != nil {
+ sanOutput := make(map[string]interface{}, 0)
 if emails := san.Emails; emails != nil {
 sanOutput["emails"] = *emails
 }
From 46dfdd254dbc940dee1cd538e285ea9793211915 Mon Sep 17 00:00:00 2001
From: Tom Harvey
Date: Sat, 27 Oct 2018 22:04:14 +0200
Subject: [PATCH 14/21] Update azurerm/resource_arm_key_vault_certificate.go
Co-Authored-By: draggeta
---
 azurerm/resource_arm_key_vault_certificate.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index e30bdfd8e7f1..8a6739a0753c 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
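Review bot: Renaming the declaration to `sanOutputs` in patch 12/21 leaves the three `sanOutput[...]` assignments and the later `len(sanOutput)` check in flattenKeyVaultCertificatePolicy referring to a variable that no longer exists, so this commit does not build on its own; patch 13/21 on this line re-declares `sanOutput` inside the `if san` block but the check after it is still unresolved, and patches 14 and 15 on the following line leave two assignments plus an orphaned `}`, until patch 16/21 reconciles them. Squashing 12–16 into one commit would keep every commit in the series buildable, which matters for bisecting. flattenKeyVaultCertificatePolicy starts and ends outside these hunks.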
@@ -630,6 +630,8 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 if upns := san.Upns; upns != nil {
 sanOutput["upns"] = *upns
 }
+
+ sanOutputs = append(sanOutputs, sanOutput)
 }
 certProps["key_usage"] = usages
From dd26590513c92ed11e2d2792f975c1d9d1f326e9 Mon Sep 17 00:00:00 2001
From: Tom Harvey
Date: Sat, 27 Oct 2018 22:04:26 +0200
Subject: [PATCH 15/21] Update azurerm/resource_arm_key_vault_certificate.go
Co-Authored-By: draggeta
---
 azurerm/resource_arm_key_vault_certificate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 8a6739a0753c..97e7d6a46b72 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -640,7 +640,7 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 if props.Ekus != nil {
 certProps["extended_key_usage"] = props.Ekus
 }
- if len(sanOutput) > 0 {
+ certProps["subject_alternative_names"] = sanOutputs
 certProps["subject_alternative_names"] = []interface{}{sanOutput}
 }
 policy["x509_certificate_properties"] = []interface{}{certProps}
From add8500c31dce505d309786b6263bf6101115b2b Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sat, 27 Oct 2018 23:14:14 +0200
Subject: [PATCH 16/21] azurerm_key_vault_certificate: Add requested changes
---
 azurerm/resource_arm_key_vault_certificate.go | 28 ++++++------------
 1 file changed, 9 insertions(+), 19 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 97e7d6a46b72..8bd41b58d13f 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -516,26 +516,26 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 emails := san["emails"].([]interface{})
 if len(emails) > 0 {
- subjectAlternativeNames.Emails = expandKeyVaultSanProperty(emails)
+ subjectAlternativeNames.Emails = utils.ExpandStringArray(emails)
 }
 dnsNames := san["dns_names"].([]interface{})
 if len(dnsNames) > 0 {
- subjectAlternativeNames.DNSNames = expandKeyVaultSanProperty(dnsNames)
+ subjectAlternativeNames.DNSNames = utils.ExpandStringArray(dnsNames)
 }
 upns := san["upns"].([]interface{})
 if len(upns) > 0 {
- subjectAlternativeNames.Upns = expandKeyVaultSanProperty(upns)
+ subjectAlternativeNames.Upns = utils.ExpandStringArray(upns)
 }
 }
 }
 policy.X509CertificateProperties = &keyvault.X509CertificateProperties{
- ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
- Subject: utils.String(cert["subject"].(string)),
- KeyUsage: &keyUsage,
- Ekus: extendedKeyUsage,
+ ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
+ Subject: utils.String(cert["subject"].(string)),
+ KeyUsage: &keyUsage,
+ Ekus: extendedKeyUsage,
 SubjectAlternativeNames: subjectAlternativeNames,
 }
 }
@@ -543,14 +543,6 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 return policy
 }
-func expandKeyVaultSanProperty(input []interface{}) *[]string {
- properties := make([]string, len(input))
- for i, v := range input {
- properties[i] = fmt.Sprint(v)
- }
- return &properties
-}
-
 func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []interface{} {
 policy := make(map[string]interface{}, 0)
@@ -630,7 +622,7 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 if upns := san.Upns; upns != nil {
 sanOutput["upns"] = *upns
 }
-
+ sanOutputs = append(sanOutputs, sanOutput)
 }
@@ -640,9 +632,7 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 if props.Ekus != nil {
 certProps["extended_key_usage"] = props.Ekus
 }
- certProps["subject_alternative_names"] = sanOutputs
- certProps["subject_alternative_names"] = []interface{}{sanOutput}
- }
+ certProps["subject_alternative_names"] = sanOutputs
 policy["x509_certificate_properties"] = []interface{}{certProps}
 }
From 8cc14a880930ebcc997a4c37e172795326de1b5b Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sun, 28 Oct 2018 02:56:47 +0100
Subject: [PATCH 17/21] make subject_alternative_names computed
---
 azurerm/resource_arm_key_vault_certificate.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 8bd41b58d13f..071e79c0c2b7 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -224,6 +224,7 @@ func resourceArmKeyVaultCertificate() *schema.Resource {
 Type: schema.TypeList,
 Optional: true,
 ForceNew: true,
+ Computed: true,
 MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
From 6fdb279adc16c500a214e4a510cd0c187b579549 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sun, 28 Oct 2018 02:57:22 +0100
Subject: [PATCH 18/21] Flatten array always
---
 azurerm/resource_arm_key_vault_certificate.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 071e79c0c2b7..b1b4836d8083 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
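Review bot: Adding `Computed: true` to the `Optional` + `ForceNew` `subject_alternative_names` block (patch 17/21) has a side effect that deserves a comment on the line: when the configuration omits the block, whatever names the service reports are accepted into state without a plan diff, so an out-of-band change to the policy's SANs is no longer surfaced. If the motivation is that Key Vault returns a `subjectAlternativeNames` object even when none was configured — the commit message does not say — record it, e.g. `// Computed: the service returns this block even when it was not configured (confirm this is not provoked by the empty object sent in expandKeyVaultCertificatePolicy)`. resourceArmKeyVaultCertificate starts and ends outside the hunk.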
@@ -613,15 +613,15 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 if san := props.SubjectAlternativeNames; san != nil {
 sanOutput := make(map[string]interface{}, 0)
 if emails := san.Emails; emails != nil {
- sanOutput["emails"] = *emails
+ sanOutput["emails"] = utils.FlattenStringArray(san.Emails)
 }
 if dnsNames := san.DNSNames; dnsNames != nil {
- sanOutput["dns_names"] = *dnsNames
+ sanOutput["dns_names"] = utils.FlattenStringArray(san.DNSNames)
 }
 if upns := san.Upns; upns != nil {
- sanOutput["upns"] = *upns
+ sanOutput["upns"] = utils.FlattenStringArray(san.Upns)
 }
 sanOutputs = append(sanOutputs, sanOutput)
From 3111e7850a0ca41242237f1d2f91f1d5ec750429 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sun, 28 Oct 2018 02:58:20 +0100
Subject: [PATCH 19/21] fix panic regarding empty item
---
 azurerm/resource_arm_key_vault_certificate.go | 32 ++++++++++---------
 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index b1b4836d8083..75233e91c6a0 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -513,21 +513,23 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 if v, ok := cert["subject_alternative_names"]; ok {
 if sans := v.([]interface{}); len(sans) > 0 {
- san := sans[0].(map[string]interface{})
-
- emails := san["emails"].([]interface{})
- if len(emails) > 0 {
- subjectAlternativeNames.Emails = utils.ExpandStringArray(emails)
- }
-
- dnsNames := san["dns_names"].([]interface{})
- if len(dnsNames) > 0 {
- subjectAlternativeNames.DNSNames = utils.ExpandStringArray(dnsNames)
- }
-
- upns := san["upns"].([]interface{})
- if len(upns) > 0 {
- subjectAlternativeNames.Upns = utils.ExpandStringArray(upns)
+ if sans[0] != nil {
+ san := sans[0].(map[string]interface{})
+
+ emails := san["emails"].([]interface{})
+ if len(emails) > 0 {
+ subjectAlternativeNames.Emails = utils.ExpandStringArray(emails)
+ }
+
+ dnsNames := san["dns_names"].([]interface{})
+ if len(dnsNames) > 0 {
+ subjectAlternativeNames.DNSNames = utils.ExpandStringArray(dnsNames)
+ }
+
+ upns := san["upns"].([]interface{})
+ if len(upns) > 0 {
+ subjectAlternativeNames.Upns = utils.ExpandStringArray(upns)
+ }
 }
 }
 }
From 8b3f5feb56f09806c33561c3c20b746d68db3a75 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Sun, 28 Oct 2018 03:16:18 +0100
Subject: [PATCH 20/21] remove if statements
---
 azurerm/resource_arm_key_vault_certificate.go | 13 +++---------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 75233e91c6a0..57ec16f05dea 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
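Review bot: The new `if sans[0] != nil` guard is the right fix for an empty `subject_alternative_names {}` block, but it pushes the SAN expansion to five levels of nesting inside expandKeyVaultCertificatePolicy, and the empty-block case now silently yields a certificate with no SANs, which is worth a comment. Moving the block into a small helper with guard clauses keeps the happy path flat and gives the "absent or empty block → empty object" behaviour one documented home; the sketch below preserves exactly what the hunk does today, including the non-nil empty object. expandKeyVaultCertificatePolicy starts before this hunk and ends after it.
```go
	subjectAlternativeNames := expandKeyVaultCertificateSans(cert["subject_alternative_names"])
	// … unchanged: policy.X509CertificateProperties assignment …

// expandKeyVaultCertificateSans converts the optional subject_alternative_names
// block into the SDK type. As before, an absent or empty block yields an empty
// (non-nil) object; each list is only set when it has at least one entry.
func expandKeyVaultCertificateSans(input interface{}) *keyvault.SubjectAlternativeNames {
	result := &keyvault.SubjectAlternativeNames{}
	sans, ok := input.([]interface{})
	if !ok || len(sans) == 0 || sans[0] == nil {
		return result
	}
	san := sans[0].(map[string]interface{})
	if emails := san["emails"].([]interface{}); len(emails) > 0 {
		result.Emails = utils.ExpandStringArray(emails)
	}
	if dnsNames := san["dns_names"].([]interface{}); len(dnsNames) > 0 {
		result.DNSNames = utils.ExpandStringArray(dnsNames)
	}
	if upns := san["upns"].([]interface{}); len(upns) > 0 {
		result.Upns = utils.ExpandStringArray(upns)
	}
	return result
}
```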
@@ -614,17 +614,10 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 sanOutputs := make([]interface{}, 0)
 if san := props.SubjectAlternativeNames; san != nil {
 sanOutput := make(map[string]interface{}, 0)
- if emails := san.Emails; emails != nil {
- sanOutput["emails"] = utils.FlattenStringArray(san.Emails)
- }
-
- if dnsNames := san.DNSNames; dnsNames != nil {
- sanOutput["dns_names"] = utils.FlattenStringArray(san.DNSNames)
- }
- if upns := san.Upns; upns != nil {
- sanOutput["upns"] = utils.FlattenStringArray(san.Upns)
- }
+ sanOutput["emails"] = utils.FlattenStringArray(san.Emails)
+ sanOutput["dns_names"] = utils.FlattenStringArray(san.DNSNames)
+ sanOutput["upns"] = utils.FlattenStringArray(san.Upns)
 sanOutputs = append(sanOutputs, sanOutput)
 }
From de467bb36a01a10f9701c713363a71da8ef0ffe6 Mon Sep 17 00:00:00 2001
From: Tony Fortes Ramos
Date: Mon, 29 Oct 2018 13:15:19 +0100
Subject: [PATCH 21/21] Fix the gofmt issue by running version 1.10 version of binary
---
 azurerm/resource_arm_key_vault_certificate.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
index 57ec16f05dea..514d2afa04d3 100644
--- a/azurerm/resource_arm_key_vault_certificate.go
+++ b/azurerm/resource_arm_key_vault_certificate.go
@@ -535,10 +535,10 @@ func expandKeyVaultCertificatePolicy(d *schema.ResourceData) keyvault.Certificat
 }
 policy.X509CertificateProperties = &keyvault.X509CertificateProperties{
- ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
- Subject: utils.String(cert["subject"].(string)),
- KeyUsage: &keyUsage,
- Ekus: extendedKeyUsage,
+ ValidityInMonths: utils.Int32(int32(cert["validity_in_months"].(int))),
+ Subject: utils.String(cert["subject"].(string)),
+ KeyUsage: &keyUsage,
+ Ekus: extendedKeyUsage,
 SubjectAlternativeNames: subjectAlternativeNames,
 }
 }
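Review bot: Dropping the `!= nil` checks means `utils.FlattenStringArray` is now handed a possibly nil `*[]string` for each of `san.Emails`, `san.DNSNames` and `san.Upns`; that is only safe if the helper nil-checks its argument, which this hunk does not show, and the commit message gives no reason. A one-line comment on the first call, `// FlattenStringArray tolerates a nil pointer and yields an empty list`, would record the dependency, and a unit test calling flattenKeyVaultCertificatePolicy with a `SubjectAlternativeNames{}` whose fields are all nil would pin it. The state now always carries all three keys (possibly as empty lists), which is consistent with the `Computed` block introduced in patch 17/21. flattenKeyVaultCertificatePolicy starts and ends outside the hunk.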