azurerm_spring_cloud_configuration_service - support for the `ca_ce…

…rtificate_id` property (#22814) * `azurerm_spring_cloud_configuration_service` - support for the `ca_certificate_id` property * update * Update website/docs/r/spring_cloud_configuration_service.html.markdown Co-authored-by: Tom Harvey <tombuildsstuff@users.noreply.github.com> * update --------- Co-authored-by: Tom Harvey <tombuildsstuff@users.noreply.github.com>
hashicorp · Aug 7, 2023 · d11bb17 · d11bb17
1 parent 68c9853
commit d11bb17
Show file tree

Hide file tree

Showing 3 changed files with 162 additions and 3 deletions.
diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource.go b/internal/services/springcloud/spring_cloud_configuration_service_resource.go
@@ -102,6 +102,12 @@ func resourceSpringCloudConfigurationService() *pluginsdk.Resource {
 							ValidateFunc: validation.StringIsNotEmpty,
 						},
 
+						"ca_certificate_id": {
+							Type:         pluginsdk.TypeString,
+							Optional:     true,
+							ValidateFunc: validate.SpringCloudCertificateID,
+						},
+
 						"host_key": {
 							Type:         pluginsdk.TypeString,
 							Optional:     true,
@@ -258,7 +264,7 @@ func expandConfigurationServiceConfigurationServiceGitRepositoryArray(input []in
 	results := make([]appplatform.ConfigurationServiceGitRepository, 0)
 	for _, item := range input {
 		v := item.(map[string]interface{})
-		results = append(results, appplatform.ConfigurationServiceGitRepository{
+		repo := appplatform.ConfigurationServiceGitRepository{
 			Name:                  utils.String(v["name"].(string)),
 			Patterns:              utils.ExpandStringSlice(v["patterns"].(*pluginsdk.Set).List()),
 			URI:                   utils.String(v["uri"].(string)),
@@ -270,7 +276,11 @@ func expandConfigurationServiceConfigurationServiceGitRepositoryArray(input []in
 			HostKeyAlgorithm:      utils.String(v["host_key_algorithm"].(string)),
 			PrivateKey:            utils.String(v["private_key"].(string)),
 			StrictHostKeyChecking: utils.Bool(v["strict_host_key_checking"].(bool)),
-		})
+		}
+		if caCertificatedId := v["ca_certificate_id"].(string); caCertificatedId != "" {
+			repo.CaCertResourceID = utils.String(caCertificatedId)
+		}
+		results = append(results, repo)
 	}
 	return &results
 }
@@ -330,7 +340,16 @@ func flattenConfigurationServiceConfigurationServiceGitRepositoryArray(input *[]
 				username = value.(string)
 			}
 		}
+
+		var caCertificateId string
+		if item.CaCertResourceID != nil {
+			certificatedId, err := parse.SpringCloudCertificateIDInsensitively(*item.CaCertResourceID)
+			if err == nil {
+				caCertificateId = certificatedId.ID()
+			}
+		}
 		results = append(results, map[string]interface{}{
+			"ca_certificate_id":        caCertificateId,
 			"name":                     name,
 			"label":                    label,
 			"patterns":                 utils.FlattenStringSlice(item.Patterns),

diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go
@@ -112,7 +112,8 @@ func TestAccSpringCloudConfigurationService_generation(t *testing.T) {
 				check.That(data.ResourceName).ExistsInAzure(r),
 			),
 		},
-		data.ImportStep(), {
+		data.ImportStep(),
+		{
 			Config: r.generation(data, "Gen2"),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
@@ -122,6 +123,20 @@ func TestAccSpringCloudConfigurationService_generation(t *testing.T) {
 	})
 }
 
+func TestAccSpringCloudConfigurationService_caCertificateId(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_spring_cloud_configuration_service", "test")
+	r := SpringCloudConfigurationServiceResource{}
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.caCertificateId(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (r SpringCloudConfigurationServiceResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := parse.SpringCloudConfigurationServiceID(state.ID)
 	if err != nil {
@@ -238,3 +253,126 @@ resource "azurerm_spring_cloud_configuration_service" "test" {
 }
 `, template, generation)
 }
+
+func (r SpringCloudConfigurationServiceResource) caCertificateId(data acceptance.TestData) string {
+	template := r.template(data)
+	return fmt.Sprintf(`
+%s
+
+
+data "azurerm_client_config" "current" {
+}
+
+data "azuread_service_principal" "test" {
+  display_name = "Azure Spring Cloud Resource Provider"
+}
+
+resource "azurerm_key_vault" "test" {
+  name                = "acctest-kv-%[2]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = "standard"
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+
+    secret_permissions = [
+      "Set",
+    ]
+
+    certificate_permissions = [
+      "Create",
+      "Delete",
+      "Get",
+      "Purge",
+      "Update",
+    ]
+  }
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azuread_service_principal.test.object_id
+
+    secret_permissions = [
+      "Get",
+      "List",
+    ]
+
+    certificate_permissions = [
+      "Get",
+      "List",
+    ]
+  }
+}
+
+resource "azurerm_key_vault_certificate" "test" {
+  name         = "acctest-cert-%[2]d"
+  key_vault_id = azurerm_key_vault.test.id
+
+  certificate_policy {
+    issuer_parameters {
+      name = "Self"
+    }
+
+    key_properties {
+      exportable = true
+      key_size   = 2048
+      key_type   = "RSA"
+      reuse_key  = true
+    }
+
+    lifetime_action {
+      action {
+        action_type = "AutoRenew"
+      }
+
+      trigger {
+        days_before_expiry = 30
+      }
+    }
+
+    secret_properties {
+      content_type = "application/x-pkcs12"
+    }
+
+    x509_certificate_properties {
+      key_usage = [
+        "cRLSign",
+        "dataEncipherment",
+        "digitalSignature",
+        "keyAgreement",
+        "keyCertSign",
+        "keyEncipherment",
+      ]
+
+      subject            = "CN=contoso.com"
+      validity_in_months = 12
+    }
+  }
+}
+
+
+resource "azurerm_spring_cloud_certificate" "test" {
+  name                     = "acctest-scc-%[2]d"
+  resource_group_name      = azurerm_spring_cloud_service.test.resource_group_name
+  service_name             = azurerm_spring_cloud_service.test.name
+  key_vault_certificate_id = azurerm_key_vault_certificate.test.id
+  exclude_private_key      = true
+}
+
+resource "azurerm_spring_cloud_configuration_service" "test" {
+  name                    = "default"
+  spring_cloud_service_id = azurerm_spring_cloud_service.test.id
+  generation              = "Gen2"
+  repository {
+    name              = "fake"
+    label             = "master"
+    patterns          = ["app/dev"]
+    uri               = "https://github.com/Azure-Samples/piggymetrics"
+    ca_certificate_id = azurerm_spring_cloud_certificate.test.id
+  }
+}
+`, template, data.RandomIntOfLength(10))
+}
diff --git a/website/docs/r/spring_cloud_configuration_service.html.markdown b/website/docs/r/spring_cloud_configuration_service.html.markdown
@@ -73,6 +73,8 @@ A `repository` block supports the following:
 
 * `uri` - (Required) Specifies the URI of the repository.
 
+* `ca_certificate_id` - (Optional) Specifies the ID of the Certificate Authority used when retrieving the Git Repository via HTTPS.
+
 * `host_key` - (Optional) Specifies the SSH public key of git repository.
 
 * `host_key_algorithm` - (Optional) Specifies the SSH key algorithm of git repository.