diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_resource.go b/azurerm/internal/services/keyvault/key_vault_certificate_resource.go
index bcfab8c27d04..c002239b5cf8 100644
--- a/azurerm/internal/services/keyvault/key_vault_certificate_resource.go
+++ b/azurerm/internal/services/keyvault/key_vault_certificate_resource.go
@@ -442,6 +442,13 @@ func keyVaultCertificateCreationRefreshFunc(ctx context.Context, client *keyvaul
 return nil, "", fmt.Errorf("Error issuing read request in keyVaultCertificateCreationRefreshFunc for Certificate %q in Vault %q: %s", name, keyVaultBaseUrl, err)
 }
+ if res.Policy != nil &&
+ res.Policy.IssuerParameters != nil &&
+ res.Policy.IssuerParameters.Name != nil &&
+ strings.EqualFold(*(res.Policy.IssuerParameters.Name), "unknown") {
+ return res, "Ready", nil
+ }
+
 if res.Sid == nil || *res.Sid == "" {
 return nil, "Provisioning", nil
 }
diff --git a/azurerm/internal/services/keyvault/tests/key_vault_certificate_resource_test.go b/azurerm/internal/services/keyvault/tests/key_vault_certificate_resource_test.go
index eb16c58b8d25..3d66b2748d34 100644
--- a/azurerm/internal/services/keyvault/tests/key_vault_certificate_resource_test.go
+++ b/azurerm/internal/services/keyvault/tests/key_vault_certificate_resource_test.go
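Review bot: In key_vault_certificate_resource.go the added early return reports `Ready` for any policy whose issuer name is `unknown`, with no comment saying why the `res.Sid` wait below it is skipped. From the hunk alone it looks as if the certificate can be returned with an empty `Sid`, so the code outside this hunk that reads `res.Sid` and the certificate contents should be confirmed to tolerate nil values, and users should not assume `secret_id` holds a usable certificate at that point. I would add `// An "Unknown" issuer is signed outside Key Vault, so Sid may never be set here; do not wait for it.` above the condition, worded to match what the service actually does. The body of keyVaultCertificateCreationRefreshFunc starts and ends outside the hunk.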
@@ -118,6 +118,25 @@ func TestAccAzureRMKeyVaultCertificate_basicGenerate(t *testing.T) {
 })
 }
+func TestAccAzureRMKeyVaultCertificate_basicGenerateUnknownIssuer(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_key_vault_certificate", "test")
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acceptance.PreCheck(t) },
+ Providers: acceptance.SupportedProviders,
+ CheckDestroy: testCheckAzureRMKeyVaultCertificateDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAzureRMKeyVaultCertificate_basicGenerateUnknownIssuer(data),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKeyVaultCertificateExists(data.ResourceName),
+ ),
+ },
+ data.ImportStep(),
+ },
+ })
+}
+
 func TestAccAzureRMKeyVaultCertificate_softDeleteRecovery(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_key_vault_certificate", "test")
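Review bot: The single check in the new step, `testCheckAzureRMKeyVaultCertificateExists(data.ResourceName)`, does not pin the case under test, so the test would still pass if the config's issuer were changed to a different one. Adding `resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.issuer_parameters.0.name", "Unknown"),` inside `ComposeTestCheckFunc` would tie the test to the `Unknown` issuer case. A short comment on what state the certificate is expected to be in after apply would also help, since the import step reads it back.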
@@ -560,6 +579,101 @@ resource "azurerm_key_vault_certificate" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString)
 }
+func testAccAzureRMKeyVaultCertificate_basicGenerateUnknownIssuer(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+data "azurerm_client_config" "current" {
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-%d"
+ location = "%s"
+}
+
+resource "azurerm_key_vault" "test" {
+ name = "acctestkeyvault%s"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ tenant_id = data.azurerm_client_config.current.tenant_id
+
+ sku_name = "standard"
+
+ access_policy {
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azurerm_client_config.current.object_id
+
+ certificate_permissions = [
+ "create",
+ "delete",
+ "get",
+ "update",
+ ]
+
+ key_permissions = [
+ "create",
+ ]
+
+ secret_permissions = [
+ "set",
+ ]
+
+ storage_permissions = [
+ "set",
+ ]
+ }
+}
+
+resource "azurerm_key_vault_certificate" "test" {
+ name = "acctestcert%s"
+ key_vault_id = azurerm_key_vault.test.id
+
+ certificate_policy {
+ issuer_parameters {
+ name = "Unknown"
+ }
+
+ key_properties {
+ exportable = true
+ key_size = 2048
+ key_type = "RSA"
+ reuse_key = true
+ }
+
+ lifetime_action {
+ action {
+ action_type = "EmailContacts"
+ }
+
+ trigger {
+ days_before_expiry = 30
+ }
+ }
+
+ secret_properties {
+ content_type = "application/x-pkcs12"
+ }
+
+ x509_certificate_properties {
+ key_usage = [
+ "cRLSign",
+ "dataEncipherment",
+ "digitalSignature",
+ "keyAgreement",
+ "keyCertSign",
+ "keyEncipherment",
+ ]
+
+ subject = "CN=hello-world"
+ validity_in_months = 12
+ }
+ }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString)
+}
+
 func testAccAzureRMKeyVaultCertificate_basicGenerateSans(data acceptance.TestData) string {
 return fmt.Sprintf(`
 provider "azurerm" {
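Review bot: The `access_policy` in the new config grants `key_permissions`, `secret_permissions` and `storage_permissions` that nothing in this test visibly uses; only the certificate permissions are exercised by the resource shown here. If the acceptance run passes without them, drop those three lists so the fixture models least privilege, since test configs tend to be copied into real vault definitions. The config also appears to repeat the neighbouring generate fixture with only `issuer_parameters.name` changed, so taking the issuer name as a parameter of a shared helper would keep the two from drifting. The trailing context lines belong to testAccAzureRMKeyVaultCertificate_basicGenerateSans, which continues outside the hunk.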