From d10dfc7776156fa15c9ca33b38e9e754aa2e0260 Mon Sep 17 00:00:00 2001 From: jackofallops Date: Wed, 10 Jun 2020 15:06:01 +0100 Subject: [PATCH 1/5] added kv cert ds, tests and docs --- .../key_vault_certificate_data_source.go | 290 ++++++++++++++++++ .../services/keyvault/registration.go | 1 + .../key_vault_certificate_data_source_test.go | 40 +++ website/azurerm.erb | 4 + .../d/key_vault_certificate.html.markdown | 107 +++++++ 5 files changed, 442 insertions(+) create mode 100644 azurerm/internal/services/keyvault/key_vault_certificate_data_source.go create mode 100644 azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go create mode 100644 website/docs/d/key_vault_certificate.html.markdown diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go b/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go new file mode 100644 index 000000000000..d6739f262ff2 --- /dev/null +++ b/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go @@ -0,0 +1,290 @@ +package keyvault + +import ( + "encoding/base64" + "encoding/hex" + "fmt" + "log" + "strings" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func dataSourceArmKeyVaultCertificate() *schema.Resource { + return &schema.Resource{ + Read: dataSourceArmKeyVaultCertificateRead, + + Timeouts: &schema.ResourceTimeout{ + Read: schema.DefaultTimeout(5 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ValidateFunc: azure.ValidateKeyVaultChildName, + }, + + "key_vault_id": { + Type: schema.TypeString, + Required: true, + ValidateFunc: azure.ValidateResourceID, + }, + + "version": { + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + + // Computed + "certificate_policy": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "issuer_parameters": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "key_properties": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "exportable": { + Type: schema.TypeBool, + Computed: true, + }, + "key_size": { + Type: schema.TypeInt, + Computed: true, + }, + "key_type": { + Type: schema.TypeString, + Computed: true, + }, + "reuse_key": { + Type: schema.TypeBool, + Computed: true, + }, + }, + }, + }, + + "lifetime_action": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action_type": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "trigger": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "days_before_expiry": { + Type: schema.TypeInt, + Computed: true, + }, + "lifetime_percentage": { + Type: schema.TypeInt, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + + "secret_properties": { + Type: schema.TypeList, + Required: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "content_type": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + + "x509_certificate_properties": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "extended_key_usage": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "key_usage": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "subject": { + Type: schema.TypeString, + Computed: true, + }, + "subject_alternative_names": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "emails": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Set: schema.HashString, + }, + "dns_names": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Set: schema.HashString, + }, + "upns": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Set: schema.HashString, + }, + }, + }, + }, + "validity_in_months": { + Type: schema.TypeInt, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + + "secret_id": { + Type: schema.TypeString, + Computed: true, + }, + + "certificate_data": { + Type: schema.TypeString, + Computed: true, + }, + + "thumbprint": { + Type: schema.TypeString, + Computed: true, + }, + + "tags": tags.SchemaDataSource(), + }, + } +} + +func dataSourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}) error { + vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + client := meta.(*clients.Client).KeyVault.ManagementClient + ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) + defer cancel() + + name := d.Get("name").(string) + keyVaultId := d.Get("key_vault_id").(string) + version := d.Get("version").(string) + + keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + if err != nil { + return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultId, err) + } + + cert, err := client.GetCertificate(ctx, keyVaultBaseUri, name, version) + if err != nil { + if utils.ResponseWasNotFound(cert.Response) { + log.Printf("[DEBUG] Certificate %q was not found in Key Vault at URI %q - removing from state", name, keyVaultBaseUri) + d.SetId("") + return nil + } + + return fmt.Errorf("Error reading Key Vault Certificate: %+v", err) + } + + if cert.ID == nil || *cert.ID == "" { + return fmt.Errorf("failure reading Key Vault Certificate ID for %q", name) + } + + d.SetId(*cert.ID) + + id, err := azure.ParseKeyVaultChildID(*cert.ID) + if err != nil { + return err + } + + d.Set("name", id.Name) + + certificatePolicy := flattenKeyVaultCertificatePolicy(cert.Policy) + if err := d.Set("certificate_policy", certificatePolicy); err != nil { + return fmt.Errorf("Error setting Key Vault Certificate Policy: %+v", err) + } + + d.Set("version", id.Version) + d.Set("secret_id", cert.Sid) + + certificateData := "" + if contents := cert.Cer; contents != nil { + certificateData = strings.ToUpper(hex.EncodeToString(*contents)) + } + d.Set("certificate_data", certificateData) + + thumbprint := "" + if v := cert.X509Thumbprint; v != nil { + x509Thumbprint, err := base64.RawURLEncoding.DecodeString(*v) + if err != nil { + return err + } + + thumbprint = strings.ToUpper(hex.EncodeToString(x509Thumbprint)) + } + d.Set("thumbprint", thumbprint) + + return tags.FlattenAndSet(d, cert.Tags) +} diff --git a/azurerm/internal/services/keyvault/registration.go b/azurerm/internal/services/keyvault/registration.go index d21e83053cac..3aa7c37d67d6 100644 --- a/azurerm/internal/services/keyvault/registration.go +++ b/azurerm/internal/services/keyvault/registration.go @@ -22,6 +22,7 @@ func (r Registration) WebsiteCategories() []string { func (r Registration) SupportedDataSources() map[string]*schema.Resource { return map[string]*schema.Resource{ "azurerm_key_vault_access_policy": dataSourceArmKeyVaultAccessPolicy(), + "azurerm_key_vault_certificate": dataSourceArmKeyVaultCertificate(), "azurerm_key_vault_key": dataSourceArmKeyVaultKey(), "azurerm_key_vault_secret": dataSourceArmKeyVaultSecret(), "azurerm_key_vault": dataSourceArmKeyVault(), diff --git a/azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go b/azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go new file mode 100644 index 000000000000..4b6973fb47cf --- /dev/null +++ b/azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go @@ -0,0 +1,40 @@ +package tests + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" +) + +func TestAccDataSourceAzureRMKeyVaultCertificate_basic(t *testing.T) { + data := acceptance.BuildTestData(t, "data.azurerm_key_vault_certificate", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceAzureRMKeyVaultCertificate_basic(data), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(data.ResourceName, "certificate_data"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.key_properties.0.key_size", "2048"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.key_properties.0.key_type", "RSA"), + ), + }, + }, + }) +} + +func testAccDataSourceAzureRMKeyVaultCertificate_basic(data acceptance.TestData) string { + template := testAccAzureRMKeyVaultCertificate_basicImportPFX(data) + return fmt.Sprintf(` +%s + +data "azurerm_key_vault_certificate" "test" { + name = azurerm_key_vault_certificate.test.name + key_vault_id = azurerm_key_vault.test.id +} +`, template) +} diff --git a/website/azurerm.erb b/website/azurerm.erb index 9930795058e4..b9c1199dc4e9 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -293,6 +293,10 @@ azurerm_key_vault_access_policy +
  • + azurerm_key_vault_certificate +
    • +
  • azurerm_key_vault_key
    • diff --git a/website/docs/d/key_vault_certificate.html.markdown b/website/docs/d/key_vault_certificate.html.markdown new file mode 100644 index 000000000000..f2d7f8fa4b77 --- /dev/null +++ b/website/docs/d/key_vault_certificate.html.markdown @@ -0,0 +1,107 @@ +--- +subcategory: "Key Vault" +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_key_vault_certificate" +description: |- + Gets information about an existing Key Vault Certificate. +--- + +# Data Source: azurerm_key_vault_secret + +Use this data source to access information about an existing Key Vault Certificate. + +~> **Note:** All arguments including the secret value will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + +## Example Usage + +```hcl +data "azurerm_key_vault_certificate" "example" { + name = "secret-sauce" + key_vault_id = data.azurerm_key_vault.existing.id +} + +output "certificate_thumbprint" { + value = data.azurerm_key_vault_certificate.example.thumbprint +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - Specifies the name of the Key Vault Secret. + +* `key_vault_id` - Specifies the ID of the Key Vault instance where the Secret resides, available on the `azurerm_key_vault` Data Source / Resource. + +* `version` - (Optional) Specifies the version of the certificate to look up. (Defaults to latest) + +**NOTE:** The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription. + +## Attributes Reference + +The following attributes are exported: + +* `certificate_policy` - A `certificate_policy` block as defined below. + +* `tags` - A mapping of tags to assign to the resource. + +--- + +`certificate_policy` exports the following: + +* `issuer_parameters` - A `issuer_parameters` block as defined below. +* `key_properties` - A `key_properties` block as defined below. +* `lifetime_action` - A `lifetime_action` block as defined below. +* `secret_properties` - A `secret_properties` block as defined below. +* `x509_certificate_properties` - An `x509_certificate_properties` block as defined below. + +`issuer_parameters` exports the following: + +* `name` - The name of the Certificate Issuer. + +`key_properties` exports the following: + +* `exportable` - Is this Certificate Exportable? +* `key_size` - The size of the Key used in the Certificate. +* `key_type` - Specifies the Type of Key, for example `RSA`. +* `reuse_key` - Is the key reusable? + +`lifetime_action` supports the following: + +* `action` - A `action` block as defined below. +* `trigger` - A `trigger` block as defined below. + +`action` supports the following: + +* `action_type` - The Type of action to be performed when the lifetime trigger is triggerec. + +`trigger` exports the following: + +* `days_before_expiry` - The number of days before the Certificate expires that the action associated with this Trigger should run. +* `lifetime_percentage` - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. + +`secret_properties` exports the following: + +* `content_type` - The Content-Type of the Certificate, for example `application/x-pkcs12` for a PFX or `application/x-pem-file` for a PEM. + +`x509_certificate_properties` exports the following: + +* `extended_key_usage` - A list of Extended/Enhanced Key Usages. +* `key_usage` - A list of uses associated with this Key. +* `subject` - The Certificate's Subject. +* `subject_alternative_names` - A `subject_alternative_names` block as defined below. +* `validity_in_months` - The Certificates Validity Period in Months. + +`subject_alternative_names` exports the following: + +* `dns_names` - A list of alternative DNS names (FQDNs) identified by the Certificate. +* `emails` - A list of email addresses identified by this Certificate. +* `upns` - A list of User Principal Names identified by the Certificate. + + +## Timeouts + +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: + +* `read` - (Defaults to 5 minutes) Used when retrieving the Key Vault Certificate. From b2faa2a65cb903782d569332e2bf30c873fb575d Mon Sep 17 00:00:00 2001 From: jackofallops Date: Wed, 10 Jun 2020 16:07:32 +0100 Subject: [PATCH 2/5] additional test for generated cert --- .../key_vault_certificate_data_source_test.go | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go b/azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go index 4b6973fb47cf..6a7fc7199fdb 100644 --- a/azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go +++ b/azurerm/internal/services/keyvault/tests/key_vault_certificate_data_source_test.go @@ -27,6 +27,33 @@ func TestAccDataSourceAzureRMKeyVaultCertificate_basic(t *testing.T) { }) } +func TestAccDataSourceAzureRMKeyVaultCertificate_generated(t *testing.T) { + data := acceptance.BuildTestData(t, "data.azurerm_key_vault_certificate", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceAzureRMKeyVaultCertificate_generated(data), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(data.ResourceName, "certificate_data"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.issuer_parameters.0.name", "Self"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.key_properties.0.exportable", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.key_properties.0.key_size", "2048"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.key_properties.0.key_type", "RSA"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.key_properties.0.reuse_key", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.lifetime_action.0.action.0.action_type", "AutoRenew"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.lifetime_action.0.trigger.0.days_before_expiry", "30"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.secret_properties.0.content_type", "application/x-pkcs12"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.x509_certificate_properties.0.subject", "CN=hello-world"), + resource.TestCheckResourceAttr(data.ResourceName, "certificate_policy.0.x509_certificate_properties.0.validity_in_months", "12"), + ), + }, + }, + }) +} + func testAccDataSourceAzureRMKeyVaultCertificate_basic(data acceptance.TestData) string { template := testAccAzureRMKeyVaultCertificate_basicImportPFX(data) return fmt.Sprintf(` @@ -38,3 +65,15 @@ data "azurerm_key_vault_certificate" "test" { } `, template) } + +func testAccDataSourceAzureRMKeyVaultCertificate_generated(data acceptance.TestData) string { + template := testAccAzureRMKeyVaultCertificate_basicGenerate(data) + return fmt.Sprintf(` +%s + +data "azurerm_key_vault_certificate" "test" { + name = azurerm_key_vault_certificate.test.name + key_vault_id = azurerm_key_vault.test.id +} +`, template) +} From cc561da44276f2faf035c3c496fabef06391e6b8 Mon Sep 17 00:00:00 2001 From: jackofallops Date: Thu, 11 Jun 2020 09:32:38 +0100 Subject: [PATCH 3/5] updated schema sets to lists --- .../key_vault_certificate_data_source.go | 106 ++++++++++++++++-- 1 file changed, 99 insertions(+), 7 deletions(-) diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go b/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go index d6739f262ff2..b27c31438aa1 100644 --- a/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go +++ b/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go @@ -8,6 +8,7 @@ import ( "strings" "time" + "github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" @@ -165,28 +166,25 @@ func dataSourceArmKeyVaultCertificate() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "emails": { - Type: schema.TypeSet, + Type: schema.TypeList, Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, }, - Set: schema.HashString, }, "dns_names": { - Type: schema.TypeSet, + Type: schema.TypeList, Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, }, - Set: schema.HashString, }, "upns": { - Type: schema.TypeSet, + Type: schema.TypeList, Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, }, - Set: schema.HashString, }, }, }, @@ -261,7 +259,7 @@ func dataSourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface d.Set("name", id.Name) - certificatePolicy := flattenKeyVaultCertificatePolicy(cert.Policy) + certificatePolicy := flattenKeyVaultCertificatePolicyForDataSource(cert.Policy) if err := d.Set("certificate_policy", certificatePolicy); err != nil { return fmt.Errorf("Error setting Key Vault Certificate Policy: %+v", err) } @@ -288,3 +286,97 @@ func dataSourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface return tags.FlattenAndSet(d, cert.Tags) } + +func flattenKeyVaultCertificatePolicyForDataSource(input *keyvault.CertificatePolicy) []interface{} { + policy := make(map[string]interface{}) + + if params := input.IssuerParameters; params != nil { + issuerParams := make(map[string]interface{}) + issuerParams["name"] = *params.Name + policy["issuer_parameters"] = []interface{}{issuerParams} + } + + // key properties + if props := input.KeyProperties; props != nil { + keyProps := make(map[string]interface{}) + keyProps["exportable"] = *props.Exportable + keyProps["key_size"] = int(*props.KeySize) + keyProps["key_type"] = *props.KeyType + keyProps["reuse_key"] = *props.ReuseKey + + policy["key_properties"] = []interface{}{keyProps} + } + + // lifetime actions + lifetimeActions := make([]interface{}, 0) + if actions := input.LifetimeActions; actions != nil { + for _, action := range *actions { + lifetimeAction := make(map[string]interface{}) + + actionOutput := make(map[string]interface{}) + if act := action.Action; act != nil { + actionOutput["action_type"] = string(act.ActionType) + } + lifetimeAction["action"] = []interface{}{actionOutput} + + triggerOutput := make(map[string]interface{}) + if trigger := action.Trigger; trigger != nil { + if days := trigger.DaysBeforeExpiry; days != nil { + triggerOutput["days_before_expiry"] = int(*trigger.DaysBeforeExpiry) + } + + if days := trigger.LifetimePercentage; days != nil { + triggerOutput["lifetime_percentage"] = int(*trigger.LifetimePercentage) + } + } + lifetimeAction["trigger"] = []interface{}{triggerOutput} + lifetimeActions = append(lifetimeActions, lifetimeAction) + } + } + policy["lifetime_action"] = lifetimeActions + + // secret properties + if props := input.SecretProperties; props != nil { + keyProps := make(map[string]interface{}) + keyProps["content_type"] = *props.ContentType + + policy["secret_properties"] = []interface{}{keyProps} + } + + // x509 Certificate Properties + if props := input.X509CertificateProperties; props != nil { + certProps := make(map[string]interface{}) + + usages := make([]string, 0) + for _, usage := range *props.KeyUsage { + usages = append(usages, string(usage)) + } + + sanOutputs := make([]interface{}, 0) + if san := props.SubjectAlternativeNames; san != nil { + sanOutput := make(map[string]interface{}) + if emails := san.Emails; emails != nil { + sanOutput["emails"] = *emails + } + if dnsNames := san.DNSNames; dnsNames != nil { + sanOutput["dns_names"] = *dnsNames + } + if upns := san.Upns; upns != nil { + sanOutput["upns"] = *upns + } + + sanOutputs = append(sanOutputs, sanOutput) + } + + certProps["key_usage"] = usages + certProps["subject"] = *props.Subject + certProps["validity_in_months"] = int(*props.ValidityInMonths) + if props.Ekus != nil { + certProps["extended_key_usage"] = props.Ekus + } + certProps["subject_alternative_names"] = sanOutputs + policy["x509_certificate_properties"] = []interface{}{certProps} + } + + return []interface{}{policy} +} From 259074de2331fd487663af1a7911e05ad94ad7bb Mon Sep 17 00:00:00 2001 From: jackofallops Date: Thu, 11 Jun 2020 09:59:20 +0100 Subject: [PATCH 4/5] doc fixes --- .../d/key_vault_certificate.html.markdown | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/website/docs/d/key_vault_certificate.html.markdown b/website/docs/d/key_vault_certificate.html.markdown index f2d7f8fa4b77..5440130abd8f 100644 --- a/website/docs/d/key_vault_certificate.html.markdown +++ b/website/docs/d/key_vault_certificate.html.markdown @@ -16,9 +16,14 @@ Use this data source to access information about an existing Key Vault Certifica ## Example Usage ```hcl +data "azurerm_key_vault" "example" { + name = "examplekv" + resource_group_name = "some-resource-group" +} + data "azurerm_key_vault_certificate" "example" { name = "secret-sauce" - key_vault_id = data.azurerm_key_vault.existing.id + key_vault_id = data.azurerm_key_vault.example.id } output "certificate_thumbprint" { @@ -56,10 +61,14 @@ The following attributes are exported: * `secret_properties` - A `secret_properties` block as defined below. * `x509_certificate_properties` - An `x509_certificate_properties` block as defined below. +--- + `issuer_parameters` exports the following: * `name` - The name of the Certificate Issuer. +--- + `key_properties` exports the following: * `exportable` - Is this Certificate Exportable? @@ -67,24 +76,34 @@ The following attributes are exported: * `key_type` - Specifies the Type of Key, for example `RSA`. * `reuse_key` - Is the key reusable? -`lifetime_action` supports the following: +--- + +`lifetime_action` exports the following: * `action` - A `action` block as defined below. * `trigger` - A `trigger` block as defined below. +--- + `action` supports the following: * `action_type` - The Type of action to be performed when the lifetime trigger is triggerec. +--- + `trigger` exports the following: * `days_before_expiry` - The number of days before the Certificate expires that the action associated with this Trigger should run. * `lifetime_percentage` - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. +--- + `secret_properties` exports the following: * `content_type` - The Content-Type of the Certificate, for example `application/x-pkcs12` for a PFX or `application/x-pem-file` for a PEM. +--- + `x509_certificate_properties` exports the following: * `extended_key_usage` - A list of Extended/Enhanced Key Usages. @@ -93,6 +112,8 @@ The following attributes are exported: * `subject_alternative_names` - A `subject_alternative_names` block as defined below. * `validity_in_months` - The Certificates Validity Period in Months. +--- + `subject_alternative_names` exports the following: * `dns_names` - A list of alternative DNS names (FQDNs) identified by the Certificate. From 18a1eb4202affb17b32637d018587bfce916a6c2 Mon Sep 17 00:00:00 2001 From: jackofallops Date: Thu, 11 Jun 2020 10:23:07 +0100 Subject: [PATCH 5/5] additional doc fixes --- website/docs/d/key_vault_certificate.html.markdown | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/website/docs/d/key_vault_certificate.html.markdown b/website/docs/d/key_vault_certificate.html.markdown index 5440130abd8f..f929051349ba 100644 --- a/website/docs/d/key_vault_certificate.html.markdown +++ b/website/docs/d/key_vault_certificate.html.markdown @@ -85,7 +85,7 @@ The following attributes are exported: --- -`action` supports the following: +`action` exports the following: * `action_type` - The Type of action to be performed when the lifetime trigger is triggerec. @@ -120,7 +120,6 @@ The following attributes are exported: * `emails` - A list of email addresses identified by this Certificate. * `upns` - A list of User Principal Names identified by the Certificate. - ## Timeouts The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: