-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_key_vault_secret
- support for not_before_date
and expiration_date
#4873
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,7 @@ import ( | |
"time" | ||
|
||
"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault" | ||
"github.com/Azure/go-autorest/autorest/date" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" | ||
|
@@ -72,6 +73,18 @@ func resourceArmKeyVaultSecret() *schema.Resource { | |
Optional: true, | ||
}, | ||
|
||
"not_before_date": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ValidateFunc: validate.RFC3339Time, | ||
}, | ||
|
||
"expiration_date": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ValidateFunc: validate.RFC3339Time, | ||
}, | ||
|
||
"version": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
|
@@ -131,9 +144,28 @@ func resourceArmKeyVaultSecretCreate(d *schema.ResourceData, meta interface{}) e | |
t := d.Get("tags").(map[string]interface{}) | ||
|
||
parameters := keyvault.SecretSetParameters{ | ||
Value: utils.String(value), | ||
ContentType: utils.String(contentType), | ||
Tags: tags.Expand(t), | ||
Value: utils.String(value), | ||
ContentType: utils.String(contentType), | ||
Tags: tags.Expand(t), | ||
SecretAttributes: &keyvault.SecretAttributes{}, | ||
} | ||
|
||
if v, ok := d.GetOk("not_before_date"); ok { | ||
notBeforeDate, err := time.Parse(time.RFC3339, v.(string)) | ||
if err != nil { | ||
return fmt.Errorf("error parsing `not_before_date` time: %s", err) | ||
} | ||
notBeforeUnixTime := date.UnixTime(notBeforeDate) | ||
parameters.SecretAttributes.NotBefore = ¬BeforeUnixTime | ||
} | ||
|
||
if v, ok := d.GetOk("expiration_date"); ok { | ||
expirationDate, err := time.Parse(time.RFC3339, v.(string)) | ||
if err != nil { | ||
return fmt.Errorf("error parsing `expiration_date` time: %s", err) | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. TestAccAzureRMPostgreSQLDatabase_collationWithHyphen |
||
expirationUnixTime := date.UnixTime(expirationDate) | ||
parameters.SecretAttributes.Expires = &expirationUnixTime | ||
} | ||
|
||
if _, err := client.SetSecret(ctx, keyVaultBaseUrl, name, parameters); err != nil { | ||
|
@@ -188,12 +220,33 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e | |
contentType := d.Get("content_type").(string) | ||
t := d.Get("tags").(map[string]interface{}) | ||
|
||
secretAttributes := &keyvault.SecretAttributes{} | ||
|
||
if v, ok := d.GetOk("not_before_date"); ok { | ||
notBeforeDate, err := time.Parse(time.RFC3339, v.(string)) | ||
if err != nil { | ||
return fmt.Errorf("error parsing `not_before_date` time: %s", err) | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. TestAccAzureRMPostgreSQLDatabase_collationWithHyphen |
||
notBeforeUnixTime := date.UnixTime(notBeforeDate) | ||
secretAttributes.NotBefore = ¬BeforeUnixTime | ||
} | ||
|
||
if v, ok := d.GetOk("expiration_date"); ok { | ||
expirationDate, err := time.Parse(time.RFC3339, v.(string)) | ||
if err != nil { | ||
return fmt.Errorf("error parsing `expiration_date` time: %s", err) | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. TestAccAzureRMPostgreSQLDatabase_collationWithHyphen |
||
expirationUnixTime := date.UnixTime(expirationDate) | ||
secretAttributes.Expires = &expirationUnixTime | ||
} | ||
|
||
if d.HasChange("value") { | ||
// for changing the value of the secret we need to create a new version | ||
parameters := keyvault.SecretSetParameters{ | ||
Value: utils.String(value), | ||
ContentType: utils.String(contentType), | ||
Tags: tags.Expand(t), | ||
Value: utils.String(value), | ||
ContentType: utils.String(contentType), | ||
Tags: tags.Expand(t), | ||
SecretAttributes: secretAttributes, | ||
} | ||
|
||
if _, err = client.SetSecret(ctx, id.KeyVaultBaseUrl, id.Name, parameters); err != nil { | ||
|
@@ -214,8 +267,9 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e | |
d.SetId(*read.ID) | ||
} else { | ||
parameters := keyvault.SecretUpdateParameters{ | ||
ContentType: utils.String(contentType), | ||
Tags: tags.Expand(t), | ||
ContentType: utils.String(contentType), | ||
Tags: tags.Expand(t), | ||
SecretAttributes: secretAttributes, | ||
} | ||
|
||
if _, err = client.UpdateSecret(ctx, id.KeyVaultBaseUrl, id.Name, id.Version, parameters); err != nil { | ||
|
@@ -280,6 +334,14 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err | |
d.Set("version", respID.Version) | ||
d.Set("content_type", resp.ContentType) | ||
|
||
if v := resp.Attributes.NotBefore; v != nil { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. good call, added a nil check for |
||
d.Set("not_before_date", time.Time(*v).Format(time.RFC3339)) | ||
} | ||
|
||
if v := resp.Attributes.Expires; v != nil { | ||
d.Set("expiration_date", time.Time(*v).Format(time.RFC3339)) | ||
} | ||
|
||
return tags.FlattenAndSet(d, resp.Tags) | ||
} | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -153,6 +153,9 @@ func TestAccAzureRMKeyVaultSecret_complete(t *testing.T) { | |
Config: config, | ||
Check: resource.ComposeTestCheckFunc( | ||
testCheckAzureRMKeyVaultSecretExists(resourceName), | ||
resource.TestCheckResourceAttr(resourceName, "not_before_date", "2019-01-01T01:02:03Z"), | ||
resource.TestCheckResourceAttr(resourceName, "expiration_date", "2020-01-01T01:02:03Z"), | ||
resource.TestCheckResourceAttr(resourceName, "tags.hello", "world"), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The same check is done just a couple lines below. Can we remove this one? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. whoops, removed! |
||
resource.TestCheckResourceAttr(resourceName, "tags.%", "1"), | ||
resource.TestCheckResourceAttr(resourceName, "tags.hello", "world"), | ||
), | ||
|
@@ -445,10 +448,12 @@ resource "azurerm_key_vault" "test" { | |
} | ||
|
||
resource "azurerm_key_vault_secret" "test" { | ||
name = "secret-%s" | ||
value = "<rick><morty /></rick>" | ||
key_vault_id = "${azurerm_key_vault.test.id}" | ||
content_type = "application/xml" | ||
name = "secret-%s" | ||
value = "<rick><morty /></rick>" | ||
key_vault_id = "${azurerm_key_vault.test.id}" | ||
content_type = "application/xml" | ||
not_before_date = "2019-01-01T01:02:03Z" | ||
expiration_date = "2020-01-01T01:02:03Z" | ||
|
||
tags = { | ||
"hello" = "world" | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
technically we don't need to check for an error here because the validation function should catch all non valid time strings
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
makes sense, removed 👍