Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_application_gateway - add trusted_root_certificate_names property #4821

Closed
wants to merge 3 commits into from
Closed

azurerm_application_gateway - add trusted_root_certificate_names property #4821

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3adea28
azurerm_application_gateway bind trusted_root_certificate with http_s…
miguelaco Nov 6, 2019
687a47a
Removed id and changed attribute to trusted_root_certificate_names
majimenez-stratio Nov 9, 2019
63b3292
Documentation
majimenez-stratio Nov 9, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions azurerm/resource_arm_application_gateway.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,24 @@ func resourceArmApplicationGateway() *schema.Resource {
},
},

"trusted_root_certificate": {
Type: schema.TypeList,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
},

"id": {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you see anyone using this id anywhere? If not, it might be worth removing this block entirely and just having an attribute called trusted_root_certificate_name

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @mbfrahry, you're right, I don't think id is needed, a list of strings should be enough. I pushed a new commit with your suggestion and managed the state. Let me know what you think. Unit test is still missing, I'll try to provide one asap.

Type: schema.TypeString,
Computed: true,
},
},
},
},

"connection_draining": {
Type: schema.TypeList,
MaxItems: 1,
Expand Down Expand Up @@ -2011,6 +2029,24 @@ func expandApplicationGatewayBackendHTTPSettings(d *schema.ResourceData, gateway
setting.ApplicationGatewayBackendHTTPSettingsPropertiesFormat.AuthenticationCertificates = &authCertSubResources
}

if v["trusted_root_certificate"] != nil {
trustedRootCerts := v["trusted_root_certificate"].([]interface{})
trustedRootCertSubResources := make([]network.SubResource, 0)

for _, rawTrustedRootCert := range trustedRootCerts {
trustedRootCert := rawTrustedRootCert.(map[string]interface{})
trustedRootCertName := trustedRootCert["name"].(string)
trustedRootCertID := fmt.Sprintf("%s/trustedRootCertificates/%s", gatewayID, trustedRootCertName)
trustedRootCertSubResource := network.SubResource{
ID: utils.String(trustedRootCertID),
}

trustedRootCertSubResources = append(trustedRootCertSubResources, trustedRootCertSubResource)
}

setting.ApplicationGatewayBackendHTTPSettingsPropertiesFormat.TrustedRootCertificates = &trustedRootCertSubResources
}

probeName := v["probe_name"].(string)
if probeName != "" {
probeID := fmt.Sprintf("%s/probes/%s", gatewayID, probeName)
Expand Down
12 changes: 10 additions & 2 deletions website/docs/r/application_gateway.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,9 +188,9 @@ A `authentication_certificate` block supports the following:

A `trusted_root_certificate` block supports the following:

* `name` - (Required) The Name of the Authentication Certificate to use.
* `name` - (Required) The Name of the Trusted Root Certificate to use.

* `data` - (Required) The contents of the Authentication Certificate which should be used.
* `data` - (Required) The contents of the Trusted Root Certificate which should be used.

---

Expand All @@ -200,6 +200,12 @@ A `authentication_certificate` block, within the `backend_http_settings` block s

---

A `trusted_root_certificate` block, within the `backend_http_settings` block supports the following:

* `name` - (Required) The name of the Trusted Root Certificate.

---

A `backend_address_pool` block supports the following:

* `name` - (Required) The name of the Backend Address Pool.
Expand Down Expand Up @@ -238,6 +244,8 @@ A `backend_http_settings` block supports the following:

* `authentication_certificate` - (Optional) One or more `authentication_certificate` blocks.

* `trusted_root_certificate` - (Optional) One or more `trusted_root_certificate` blocks.

* `connection_draining` - (Optional) A `connection_draining` block as defined below.

---
Expand Down