Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_key_vault_secret - support for not_before_date and expiration_date #4873

Merged
merged 3 commits into from
Nov 19, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 60 additions & 8 deletions azurerm/resource_arm_key_vault_secret.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"time"

"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
"github.com/Azure/go-autorest/autorest/date"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
Expand Down Expand Up @@ -72,6 +73,18 @@ func resourceArmKeyVaultSecret() *schema.Resource {
Optional: true,
},

"not_before_date": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validate.RFC3339Time,
},

"expiration_date": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validate.RFC3339Time,
},

"version": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -131,9 +144,22 @@ func resourceArmKeyVaultSecretCreate(d *schema.ResourceData, meta interface{}) e
t := d.Get("tags").(map[string]interface{})

parameters := keyvault.SecretSetParameters{
Value: utils.String(value),
ContentType: utils.String(contentType),
Tags: tags.Expand(t),
Value: utils.String(value),
ContentType: utils.String(contentType),
Tags: tags.Expand(t),
SecretAttributes: &keyvault.SecretAttributes{},
}

if v, ok := d.GetOk("not_before_date"); ok {
notBeforeDate, _ := time.Parse(time.RFC3339, v.(string)) //validated by schema
notBeforeUnixTime := date.UnixTime(notBeforeDate)
parameters.SecretAttributes.NotBefore = &notBeforeUnixTime
}

if v, ok := d.GetOk("expiration_date"); ok {
expirationDate, _ := time.Parse(time.RFC3339, v.(string)) //validated by schema
expirationUnixTime := date.UnixTime(expirationDate)
parameters.SecretAttributes.Expires = &expirationUnixTime
}

if _, err := client.SetSecret(ctx, keyVaultBaseUrl, name, parameters); err != nil {
Expand Down Expand Up @@ -188,12 +214,27 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
contentType := d.Get("content_type").(string)
t := d.Get("tags").(map[string]interface{})

secretAttributes := &keyvault.SecretAttributes{}

if v, ok := d.GetOk("not_before_date"); ok {
notBeforeDate, _ := time.Parse(time.RFC3339, v.(string)) //validated by schema
notBeforeUnixTime := date.UnixTime(notBeforeDate)
secretAttributes.NotBefore = &notBeforeUnixTime
}

if v, ok := d.GetOk("expiration_date"); ok {
expirationDate, _ := time.Parse(time.RFC3339, v.(string)) //validated by schema
expirationUnixTime := date.UnixTime(expirationDate)
secretAttributes.Expires = &expirationUnixTime
}

if d.HasChange("value") {
// for changing the value of the secret we need to create a new version
parameters := keyvault.SecretSetParameters{
Value: utils.String(value),
ContentType: utils.String(contentType),
Tags: tags.Expand(t),
Value: utils.String(value),
ContentType: utils.String(contentType),
Tags: tags.Expand(t),
SecretAttributes: secretAttributes,
}

if _, err = client.SetSecret(ctx, id.KeyVaultBaseUrl, id.Name, parameters); err != nil {
Expand All @@ -214,8 +255,9 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
d.SetId(*read.ID)
} else {
parameters := keyvault.SecretUpdateParameters{
ContentType: utils.String(contentType),
Tags: tags.Expand(t),
ContentType: utils.String(contentType),
Tags: tags.Expand(t),
SecretAttributes: secretAttributes,
}

if _, err = client.UpdateSecret(ctx, id.KeyVaultBaseUrl, id.Name, id.Version, parameters); err != nil {
Expand Down Expand Up @@ -280,6 +322,16 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err
d.Set("version", respID.Version)
d.Set("content_type", resp.ContentType)

if attributes := resp.Attributes; attributes != nil {
if v := attributes.NotBefore; v != nil {
d.Set("not_before_date", time.Time(*v).Format(time.RFC3339))
}

if v := attributes.Expires; v != nil {
d.Set("expiration_date", time.Time(*v).Format(time.RFC3339))
}
}

return tags.FlattenAndSet(d, resp.Tags)
}

Expand Down
12 changes: 8 additions & 4 deletions azurerm/resource_arm_key_vault_secret_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,8 @@ func TestAccAzureRMKeyVaultSecret_complete(t *testing.T) {
Config: config,
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMKeyVaultSecretExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "not_before_date", "2019-01-01T01:02:03Z"),
resource.TestCheckResourceAttr(resourceName, "expiration_date", "2020-01-01T01:02:03Z"),
resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
resource.TestCheckResourceAttr(resourceName, "tags.hello", "world"),
),
Expand Down Expand Up @@ -445,10 +447,12 @@ resource "azurerm_key_vault" "test" {
}

resource "azurerm_key_vault_secret" "test" {
name = "secret-%s"
value = "<rick><morty /></rick>"
key_vault_id = "${azurerm_key_vault.test.id}"
content_type = "application/xml"
name = "secret-%s"
value = "<rick><morty /></rick>"
key_vault_id = "${azurerm_key_vault.test.id}"
content_type = "application/xml"
not_before_date = "2019-01-01T01:02:03Z"
expiration_date = "2020-01-01T01:02:03Z"

tags = {
"hello" = "world"
Expand Down
6 changes: 5 additions & 1 deletion website/docs/r/key_vault_secret.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -81,14 +81,18 @@ The following arguments are supported:

* `value` - (Required) Specifies the value of the Key Vault Secret.

~> **Note:** Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with `\n` or by base 64 encoding them with `replace(file("my_secret_file"), "/\n/", "\n")` or `base64encode(file("my_secret_file"))`, respectively.
~> **Note:** Key Vault strips newlines. To preserve newlines in multi-line secrets try replacing them with `\n` or by base 64 encoding them with `replace(file("my_secret_file"), "/\n/", "\n")` or `base64encode(file("my_secret_file"))`, respectively.

* `key_vault_id` - (Required) The ID of the Key Vault where the Secret should be created.

* `content_type` - (Optional) Specifies the content type for the Key Vault Secret.

* `tags` - (Optional) A mapping of tags to assign to the resource.

* `not_before_date` - (Optional) Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').

* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z').

## Attributes Reference

The following attributes are exported:
Expand Down