azurerm_key_vault_certificate return thumbprint as hex

[steve-hawkins]

this is off the back of #1851

will return the thumbprint in hex for certificates, much like the x509ThumbprintHex returned in the Azure CLI command:-

$ az keyvault certificate show --id ...

Can be used like:-

...

resource "azurerm_key_vault_certificate" "test" {
  name      = "generated-cert"
  vault_uri = "${azurerm_key_vault.test.vault_uri}"

  certificate_policy {
    issuer_parameters {
      name = "Self"
    }

    key_properties {
      exportable = true
      key_size   = 2048
      key_type   = "RSA"
      reuse_key  = true
    }

    lifetime_action {
      action {
        action_type = "AutoRenew"
      }

      trigger {
        days_before_expiry = 30
      }
    }

    secret_properties {
      content_type = "application/x-pkcs12"
    }

    x509_certificate_properties {
      key_usage = [
        "cRLSign",
        "dataEncipherment",
        "digitalSignature",
        "keyAgreement",
        "keyCertSign",
        "keyEncipherment",
      ]

      subject            = "CN=hello-world"
      validity_in_months = 12
    }
  }
}

output "thumbprint" {
  value = "${azurerm_key_vault_certificate.test.thumbprint}"
}

(fixes #1851)

[katbyte]

Hi @steve-hawkins,

Thank you for the PR adding this property, I have left two comments inline with the blocker being the nil check.

Look forward to getting this merged for you once that is resolved 🙂

[katbyte]

Could we get a nil check here?

if v := cert.X509Thumbprint; v != nil {
    x509Thumbprint, err := base64.RawURLEncoding.DecodeString(string(*v))

[katbyte]

very minor, but we could combine these two lines as such: d.Set("thumbprint", strings.ToUpper(hex.EncodeToString(x509Thumbprint)))

[steve-hawkins]

Hi @katbyte thanks for looking into this one

All updated

[tombuildsstuff]

hey @steve-hawkins

Thanks for this PR :)

I've taken a look through and this now LGTM - if we can add the documentation entry for this field we should be able to get this merged 👍

Thanks!

[tombuildsstuff]

I'm assuming the thumbprint is case insensitive?

[steve-hawkins]

I think the cluster will accept lowercase, I was trying to replicate as close as possible what the Azure CLI returns

[steve-hawkins]

@tombuildsstuff documentation has now been updated, thanks for the heads up as this will make it easier for my next PR which should be coming shortly

[katbyte]

Thanks for the quick updates @steve-hawkins, and noticing the missing docs @tombuildsstuff,

This LGTM now 💯

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!