data source azurerm_key_vault_secrets, `azurerm_key_vault_certifica…

…tes` - expose certificates block (#20498)
hashicorp · Feb 16, 2023 · f8f678e · f8f678e
1 parent 81dbbf1
commit f8f678e
Show file tree

Hide file tree

Showing 6 changed files with 102 additions and 0 deletions.
diff --git a/internal/services/keyvault/key_vault_certificates_data_source.go b/internal/services/keyvault/key_vault_certificates_data_source.go
@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse"
 	keyVaultValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate"
@@ -40,6 +42,29 @@ func dataSourceKeyVaultCertificates() *pluginsdk.Resource {
 				Optional: true,
 				Default:  true,
 			},
+
+			"certificates": {
+				Type:     pluginsdk.TypeList,
+				Computed: true,
+				Elem: &pluginsdk.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     pluginsdk.TypeString,
+							Computed: true,
+						},
+
+						"name": {
+							Type:     pluginsdk.TypeString,
+							Computed: true,
+						},
+
+						"enabled": {
+							Type:     pluginsdk.TypeBool,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -70,6 +95,7 @@ func dataSourceKeyVaultCertificatesRead(d *pluginsdk.ResourceData, meta interfac
 	d.SetId(keyVaultId.ID())
 
 	var names []string
+	var certs []map[string]interface{}
 	if certificateList.Response().Value != nil {
 		for certificateList.NotDone() {
 			for _, v := range *certificateList.Response().Value {
@@ -78,6 +104,7 @@ func dataSourceKeyVaultCertificatesRead(d *pluginsdk.ResourceData, meta interfac
 					return err
 				}
 				names = append(names, nestedItem.Name)
+				certs = append(certs, expandCertificate(nestedItem.Name, v))
 				err = certificateList.NextWithContext(ctx)
 				if err != nil {
 					return fmt.Errorf("retrieving next page of Certificates from %s: %+v", *keyVaultId, err)
@@ -87,7 +114,19 @@ func dataSourceKeyVaultCertificatesRead(d *pluginsdk.ResourceData, meta interfac
 	}
 
 	d.Set("names", names)
+	d.Set("certificates", certs)
 	d.Set("key_vault_id", keyVaultId.ID())
 
 	return nil
 }
+
+func expandCertificate(name string, item keyvault.CertificateItem) map[string]interface{} {
+	var cert = map[string]interface{}{
+		"name": name,
+		"id":   *item.ID,
+	}
+	if item.Attributes != nil && item.Attributes.Enabled != nil {
+		cert["enabled"] = *item.Attributes.Enabled
+	}
+	return cert
+}
diff --git a/internal/services/keyvault/key_vault_certificates_data_source_test.go b/internal/services/keyvault/key_vault_certificates_data_source_test.go
@@ -19,6 +19,7 @@ func TestAccDataSourceKeyVaultCertificates_basic(t *testing.T) {
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).Key("names.#").HasValue("31"),
+				check.That(data.ResourceName).Key("certificates.#").HasValue("31"),
 			),
 		},
 	})

diff --git a/internal/services/keyvault/key_vault_secrets_data_source.go b/internal/services/keyvault/key_vault_secrets_data_source.go
@@ -6,6 +6,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse"
 	keyVaultValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate"
@@ -36,6 +38,29 @@ func dataSourceKeyVaultSecrets() *pluginsdk.Resource {
 					Type: pluginsdk.TypeString,
 				},
 			},
+
+			"secrets": {
+				Type:     pluginsdk.TypeList,
+				Computed: true,
+				Elem: &pluginsdk.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     pluginsdk.TypeString,
+							Computed: true,
+						},
+
+						"name": {
+							Type:     pluginsdk.TypeString,
+							Computed: true,
+						},
+
+						"enabled": {
+							Type:     pluginsdk.TypeBool,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -64,6 +89,7 @@ func dataSourceKeyVaultSecretsRead(d *pluginsdk.ResourceData, meta interface{})
 	d.SetId(keyVaultId.ID())
 
 	var names []string
+	var secrets []map[string]interface{}
 
 	if secretList.Response().Value != nil {
 		for secretList.NotDone() {
@@ -73,6 +99,7 @@ func dataSourceKeyVaultSecretsRead(d *pluginsdk.ResourceData, meta interface{})
 					return err
 				}
 				names = append(names, *name)
+				secrets = append(secrets, expandSecrets(*name, v))
 				err = secretList.NextWithContext(ctx)
 				if err != nil {
 					return fmt.Errorf("listing secrets on Azure KeyVault %q: %+v", *keyVaultId, err)
@@ -82,6 +109,7 @@ func dataSourceKeyVaultSecretsRead(d *pluginsdk.ResourceData, meta interface{})
 	}
 
 	d.Set("names", names)
+	d.Set("secrets", secrets)
 	d.Set("key_vault_id", keyVaultId.ID())
 
 	return nil
@@ -99,3 +127,14 @@ func parseNameFromSecretUrl(input string) (*string, error) {
 	}
 	return &segments[2], nil
 }
+
+func expandSecrets(name string, item keyvault.SecretItem) map[string]interface{} {
+	res := map[string]interface{}{
+		"id":   *item.ID,
+		"name": name,
+	}
+	if item.Attributes != nil && item.Attributes.Enabled != nil {
+		res["enabled"] = *item.Attributes.Enabled
+	}
+	return res
+}
diff --git a/internal/services/keyvault/key_vault_secrets_data_source_test.go b/internal/services/keyvault/key_vault_secrets_data_source_test.go
@@ -19,6 +19,7 @@ func TestAccDataSourceKeyVaultSecrets_basic(t *testing.T) {
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).Key("names.#").HasValue("31"),
+				check.That(data.ResourceName).Key("secrets.#").HasValue("31"),
 			),
 		},
 	})

diff --git a/website/docs/d/key_vault_certificates.html.markdown b/website/docs/d/key_vault_certificates.html.markdown
@@ -42,6 +42,16 @@ In addition to the arguments above, the following attributes are exported:
 * `names` - List containing names of certificates that exist in this Key Vault.
 
 * `key_vault_id` - The Key Vault ID.
+
+* `certificates` - One or more `certificates` blocks as defined below.
+
+---
+
+A `certificates` block supports following:
+
+* `name` - The name of secret.
+
+* `enabled` - Whether this secret is enabled.
 
 ## Timeouts
 

diff --git a/website/docs/d/key_vault_secrets.html.markdown b/website/docs/d/key_vault_secrets.html.markdown
@@ -39,6 +39,18 @@ In addition to the Argument listed above - the following Attributes are exported
 
 * `names` - List containing names of secrets that exist in this Key Vault.
 
+* `secrets` - One or more `secrets` blocks as defined below.
+
+---
+
+A `secrets` block supports following:
+
+* `name` - The name of secret.
+
+* `enabled` - Whether this secret is enabled.
+
+* `id` - The ID of this secret.
+
 ## Timeouts
 
 The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions: