From 0e8ff3f77a5fafa81af9a2cacb121232740b6be7 Mon Sep 17 00:00:00 2001 From: Tao <104055472+teowa@users.noreply.github.com> Date: Thu, 7 Sep 2023 07:54:46 -0700 Subject: [PATCH] `azurerm_key_vault_certificate` - point to new version when `certificate` is updated (#23135) * point to new version when import updated * update secret doc * fix doc char case --- .../keyvault/key_vault_certificate_resource.go | 11 +++++++++-- website/docs/r/key_vault_certificate.html.markdown | 6 +++--- website/docs/r/key_vault_key.html.markdown | 2 +- ...ult_managed_hardware_security_module.html.markdown | 2 +- website/docs/r/key_vault_secret.html.markdown | 4 ++-- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/internal/services/keyvault/key_vault_certificate_resource.go b/internal/services/keyvault/key_vault_certificate_resource.go index 93e5e5939637..f872971b34e7 100644 --- a/internal/services/keyvault/key_vault_certificate_resource.go +++ b/internal/services/keyvault/key_vault_certificate_resource.go @@ -605,9 +605,16 @@ func resourceKeyVaultCertificateUpdate(d *schema.ResourceData, meta interface{}) if err != nil { return err } - if resp.ID != nil { - d.SetId(id.ID()) + + if resp.ID == nil { + return fmt.Errorf("error: Certificate %q in Vault %q get nil ID from server", id.Name, id.KeyVaultBaseUrl) + } + + certificateId, err := parse.ParseNestedItemID(*resp.ID) + if err != nil { + return err } + d.SetId(certificateId.ID()) } } if d.HasChange("certificate_policy") { diff --git a/website/docs/r/key_vault_certificate.html.markdown b/website/docs/r/key_vault_certificate.html.markdown index 513d19f56c6d..ffb3cbf0bc53 100644 --- a/website/docs/r/key_vault_certificate.html.markdown +++ b/website/docs/r/key_vault_certificate.html.markdown @@ -11,7 +11,7 @@ description: |- Manages a Key Vault Certificate. -~> **Note:** the Azure Provider includes a Feature Toggle which will purge a Key Vault Certificate resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_certificates_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_certificates_on_destroy) for more information. +~> **Note:** The Azure Provider includes a Feature Toggle which will purge a Key Vault Certificate resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_certificates_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_certificates_on_destroy) for more information. ## Example Usage (Importing a PFX) @@ -236,9 +236,9 @@ The following arguments are supported: * `key_vault_id` - (Required) The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created. -* `certificate` - (Optional) A `certificate` block as defined below, used to Import an existing certificate. +* `certificate` - (Optional) A `certificate` block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. -* `certificate_policy` - (Optional) A `certificate_policy` block as defined below. Changing this forces a new resource to be created. +* `certificate_policy` - (Optional) A `certificate_policy` block as defined below. Changing this will create a new version of the Key Vault Certificate. ~> **NOTE:** When creating a Key Vault Certificate, at least one of `certificate` or `certificate_policy` is required. Provide `certificate` to import an existing certificate, `certificate_policy` to generate a new certificate. diff --git a/website/docs/r/key_vault_key.html.markdown b/website/docs/r/key_vault_key.html.markdown index 34c061f85469..4633b590a03b 100644 --- a/website/docs/r/key_vault_key.html.markdown +++ b/website/docs/r/key_vault_key.html.markdown @@ -15,7 +15,7 @@ Manages a Key Vault Key. ~> **Note:** To use this resource, your client should have RBAC roles with permissions like `Key Vault Crypto Officer` or `Key Vault Administrator` or an assigned Key Vault Access Policy with permissions `Create`,`Delete`,`Get`,`Purge`,`Recover`,`Update` and `GetRotationPolicy` for keys without Rotation Policy. Include `SetRotationPolicy` for keys with Rotation Policy. -~> **Note:** the Azure Provider includes a Feature Toggle which will purge a Key Vault Key resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_keys_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_keys_on_destroy) for more information. +~> **Note:** The Azure Provider includes a Feature Toggle which will purge a Key Vault Key resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_keys_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_keys_on_destroy) for more information. ## Example Usage diff --git a/website/docs/r/key_vault_managed_hardware_security_module.html.markdown b/website/docs/r/key_vault_managed_hardware_security_module.html.markdown index 2ddcdbb8e84d..06e26b7672e6 100644 --- a/website/docs/r/key_vault_managed_hardware_security_module.html.markdown +++ b/website/docs/r/key_vault_managed_hardware_security_module.html.markdown @@ -10,7 +10,7 @@ description: |- Manages a Key Vault Managed Hardware Security Module. -~> **Note:** the Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_hardware_security_modules_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_hardware_security_modules_on_destroy) for more information. +~> **Note:** The Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_hardware_security_modules_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_hardware_security_modules_on_destroy) for more information. ## Example Usage diff --git a/website/docs/r/key_vault_secret.html.markdown b/website/docs/r/key_vault_secret.html.markdown index d97d53b42dee..c6387f8e3731 100644 --- a/website/docs/r/key_vault_secret.html.markdown +++ b/website/docs/r/key_vault_secret.html.markdown @@ -14,7 +14,7 @@ Manages a Key Vault Secret. ~> **Note:** All arguments including the secret value will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). -~> **Note:** the Azure Provider includes a Feature Toggle which will purge a Key Vault Secret resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_secrets_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_secrets_on_destroy) for more information. +~> **Note:** The Azure Provider includes a Feature Toggle which will purge a Key Vault Secret resource on destroy, rather than the default soft-delete. See [`purge_soft_deleted_secrets_on_destroy`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block#purge_soft_deleted_secrets_on_destroy) for more information. ## Example Usage @@ -75,7 +75,7 @@ The following arguments are supported: * `name` - (Required) Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created. -* `value` - (Required) Specifies the value of the Key Vault Secret. +* `value` - (Required) Specifies the value of the Key Vault Secret. Changing this will create a new version of the Key Vault Secret. ~> **Note:** Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with `\n` or by base 64 encoding them with `replace(file("my_secret_file"), "/\n/", "\n")` or `base64encode(file("my_secret_file"))`, respectively.