azurerm_nginx_certificate Updating to Support Azure Key Vault Certificates #21302

hsteckylf opened this issue Apr 5, 2023 · 1 comment

Comments

@hsteckylf

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The azurerm_nginx_certificate resource requires a key_vault_secret_id. Azure has deprecated the support for storing TLS certificates as a Key Vault Secret as there is now a dedicated Key Vault Certificate object.

The Azure NGINXaaS implementation has been updated to require Azure Key Vault Certificates but this provider's azurerm_nginx_certificate module has not. This breaks the ability to deploy NGINXaaS with a certificate using this provider.

New or Affected Resource(s)/Data Source(s)

azurerm_nginx_certificate

Potential Terraform Configuration

resource "azurerm_nginx_certificate" "test" {
  name                     = "examplecert"
  nginx_deployment_id      = azurerm_nginx_deployment.test.id
  key_virtual_path         = "/src/cert/soservermekey.key"
  certificate_virtual_path = "/src/cert/server.cert"
  key_vault_certificate_id = azurerm_key_vault_certificate.test.id
}

References

No response

@puneetsarna
Contributor

Hi @hsteckylf

Thanks for raising this issue. I see that there is slight confusion in how a certificate gets used in NGINXaaS for Azure. We allow users to reference a certificate object in the argument key_vault_secret_id. Can you please try the following example:

resource "azurerm_nginx_certificate" "example" {
  name                     = var.name
  nginx_deployment_id      = azurerm_nginx_deployment.example.id
  key_virtual_path         = "/etc/nginx/ssl/test.key"
  certificate_virtual_path = "/etc/nginx/ssl/test.crt"
  key_vault_secret_id      = azurerm_key_vault_certificate.example.secret_id
}

The example shows you that a deployment is referencing the secret ID of the corresponding certificate object. Please reach out if you see any issues in running the above example.

Here's some elaborate Terraform code for reference.
