Support for certificate attributes - azurerm_key_vault_certificate

azurerm/internal/services/keyvault/key_vault_certificate_resource.go

@@ -310,6 +310,44 @@ func resourceArmKeyVaultCertificate() *schema.Resource {
 			},
 
 			// Computed
+			"certificate_attribute": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"created": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"enabled": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+
+						"expires": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"not_before": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"recovery_level": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"updated": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+
 			"version": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -506,6 +544,10 @@ func resourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}
 		return fmt.Errorf("Error setting Key Vault Certificate Policy: %+v", err)
 	}
 
+	if err := d.Set("certificate_attribute", flattenKeyVaultCertificateAttribute(cert.Attributes)); err != nil {
+		return fmt.Errorf("setting Key Vault Certificate Attributes: %+v", err)
+	}
+
 	// Computed
 	d.Set("version", id.Version)
 	d.Set("secret_id", cert.Sid)
@@ -774,6 +816,43 @@ func flattenKeyVaultCertificatePolicy(input *keyvault.CertificatePolicy) []inter
 	return []interface{}{policy}
 }
 
+func flattenKeyVaultCertificateAttribute(input *keyvault.CertificateAttributes) []interface{} {
+	if input == nil {
+		return []interface{}{}
+	}
+
+	enabled := false
+	created := ""
+	expires := ""
+	notBefore := ""
+	updated := ""
+	if input.Enabled != nil {
+		enabled = *input.Enabled
+	}
+	if input.Created != nil {
+		created = time.Time(*input.Created).Format(time.RFC3339)
+	}
+	if input.Expires != nil {
+		expires = time.Time(*input.Expires).Format(time.RFC3339)
+	}
+	if input.NotBefore != nil {
+		notBefore = time.Time(*input.NotBefore).Format(time.RFC3339)
+	}
+	if input.Updated != nil {
+		updated = time.Time(*input.Updated).Format(time.RFC3339)
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"created":        created,
+			"enabled":        enabled,
+			"expires":        expires,
+			"not_before":     notBefore,
+			"recovery_level": string(input.RecoveryLevel),
+			"updated":        updated,
+		},
+	}
+}
+
 type KeyVaultCertificateImportParameters struct {
 	CertificateData     string
 	CertificatePassword string

azurerm/internal/services/keyvault/tests/key_vault_certificate_resource_test.go

@@ -112,6 +112,7 @@ func TestAccAzureRMKeyVaultCertificate_basicGenerate(t *testing.T) {
 					resource.TestCheckResourceAttrSet(data.ResourceName, "secret_id"),
 					resource.TestCheckResourceAttrSet(data.ResourceName, "certificate_data"),
 					resource.TestCheckResourceAttrSet(data.ResourceName, "thumbprint"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "certificate_attribute.0.created"),
 				),
 			},
 			data.ImportStep(),

website/docs/r/key_vault_certificate.html.markdown

@@ -327,6 +327,18 @@ The following attributes are exported:
 * `version` - The current version of the Key Vault Certificate.
 * `certificate_data` - The raw Key Vault Certificate data represented as a hexadecimal string.
 * `thumbprint` - The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
+* `certificate_attribute` - A `certificate_attribute` block as defined below.
+
+---
+
+A `certificate_attribute` block exports the following:
+
+* `created` - The create time of the Key Vault Certificate.
+* `enabled` - whether the Key Vault Certificate is enabled.
+* `expires` - The expires time of the Key Vault Certificate.
+* `not_before` - The not before valid time of the Key Vault Certificate.
+* `recovery_level` - The deletion recovery level of the Key Vault Certificate.
+* `updated` - The recent update time of the Key Vault Certificate.
 
 ## Timeouts