Thumbprint is not provided as an attribute for azurerm_key_vault_certificate #1851

Closed
ghost opened this issue Aug 30, 2018 · 6 comments · Fixed by #1904

Comments

@ghost

ghost commented Aug 30, 2018

This issue was originally opened by @oliver-hermann as hashicorp/terraform#18768. It was migrated here as a result of the provider split. The original body of the issue is below.


Hello,

I'm currently setting up a terraform script which involves creating a Service Fabric Cluster via AzureRM (azurerm_service_fabric_cluster). I also need two certificates for the cluster, but creating a certificate through Terraform's AzureRM interface (azurerm_key_vault_certificate) doesn't yield a thumbprint of the certificate, which is necessary for the Service Fabric Cluster.

So now I'm wondering, is this a missing feature of azurerm_key_vault_certificate? Or am I overlooking something?

I am aware of the possibility to get the thumbprint outside of the script, via PowerShell for example. I'm looking for a way to have the whole deployment contained within my Terraform script though.

Is there any other way to achieve this?

Thank you very much in advance!
Regards, Oliver

@tombuildsstuff
Contributor

hey @oliver-hermann

Thanks for opening this issue :)

We don't support this property on the azurerm_key_vault_certificate data source/resource at this time - however taking a quick look I believe this might be the cert.X509Thumbprint property in the SDK, would you be able to confirm if that's the thumbprint you're looking for?

Thanks!

@oliver-hermann

Hey @tombuildsstuff,

The X509Thumbprint property is definitely what I am looking for. I do not have a Go environment set up here, but looking at the SDK source I'm certain that this is the right property.

Thanks for the quick response, also thanks for the nice good first issue tag, I feel honored :)

@steve-hawkins
Contributor

I've had a hacky data external resource using the Azure CLI doing this for me for a while now

Not checked the SDK, but the Azure CLI json response brings the following back:-

```
C:\source> az keyvault certificate show --id https://cisteve-sf.vault.azure.net/certificates/service-fabric-client/5c0463ba2a5d4b6aadb3c443bac6b2a3
{
  "attributes": {
    "created": "2018-09-07T15:17:53+00:00",
    "enabled": true,
    "expires": "2019-09-07T15:17:52+00:00",
    "notBefore": "2018-09-07T15:07:52+00:00",
    "recoveryLevel": "Purgeable",
    "updated": "2018-09-07T15:17:53+00:00"
  },
  "cer": "...",
  "contentType": null,
  "id": "https://cisteve-sf.vault.azure.net/certificates/service-fabric-client/5c0463ba2a5d4b6aadb3c443bac6b2a3",
  "kid": "https://cisteve-sf.vault.azure.net/keys/service-fabric-client/5c0463ba2a5d4b6aadb3c443bac6b2a3",
  "policy": null,
  "sid": "https://cisteve-sf.vault.azure.net/secrets/service-fabric-client/5c0463ba2a5d4b6aadb3c443bac6b2a3",
  "tags": {},
  "x509Thumbprint": "Z0n+Bjubk2ZIQLJoPWiRlL2uKhI=",
  "x509ThumbprintHex": "6749FE063B9B93664840B2683D689194BDAE2A12"
}
```

don't worry these were temporary details, but as you can see x509Thumbprint and x509ThumbprintHex are both returned.

x509ThumbprintHex is the value required in the azurerm_service_fabric_cluster resource

I've not picked up GoLang before, but looking at the SDK it only returns the Base64 encoded value

I'm going to try and play around with the Azure Go SDK to see what is what

@steve-hawkins
Contributor

steve-hawkins commented Sep 8, 2018

so I have tried the following, but not getting what I expect back:-

```go
x509Thumbprint := string(*cert.X509Thumbprint)

x509ThumbprintHex, err := base64.URLEncoding.DecodeString(x509Thumbprint)
if err != nil {
	return err
}

d.Set("thumbprint", x509ThumbprintHex)
```

```
azurerm_key_vault_certificate.service_fabric_client: azurerm_key_vault_certificate.service_fabric_client: illegal base64 data at input byte 24
```

@tombuildsstuff any ideas?

@steve-hawkins
Contributor

@tombuildsstuff OK got it, like I said fresh and new to Go:-

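```go
// Needs "encoding/base64" and "encoding/hex".
// RawURLEncoding is the URL-safe alphabet without '=' padding.
x509Thumbprint, err := base64.RawURLEncoding.DecodeString(string(*cert.X509Thumbprint))
if err != nil {
	return err
}

// Hex-encode the decoded thumbprint bytes.
x509ThumbprintHex := hex.EncodeToString(x509Thumbprint)

d.Set("thumbprint", x509ThumbprintHex)
```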

I'll raise a PR shortly
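
Added example, not part of the original thread or the provider's code: a stand-alone Go program that reproduces the "illegal base64 data at input byte 24" error from the padded decoder and converts the thumbprint to hex regardless of which base64 variant it arrives in. `ThumbprintHex`, `PaddedDecodeError` and `sdkBase64URL` are hypothetical names; the SDK value is assumed to be the CLI value in unpadded URL-safe form.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Values copied from the CLI output quoted in the thread.
const (
	cliBase64 = "Z0n+Bjubk2ZIQLJoPWiRlL2uKhI="             // x509Thumbprint
	cliHex    = "6749FE063B9B93664840B2683D689194BDAE2A12" // x509ThumbprintHex
)

var toURLSafe = strings.NewReplacer("+", "-", "/", "_")

// Assumption: the SDK hands back the same digest as unpadded base64url.
var sdkBase64URL = toURLSafe.Replace(strings.TrimRight(cliBase64, "="))

// ThumbprintHex (hypothetical helper) accepts a SHA-1 thumbprint in padded or
// unpadded, standard or URL-safe base64 and returns it as upper-case hex.
func ThumbprintHex(b64 string) (string, error) {
	s := toURLSafe.Replace(strings.TrimRight(strings.TrimSpace(b64), "="))
	raw, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return "", fmt.Errorf("decode thumbprint: %w", err)
	}
	if len(raw) != 20 { // a SHA-1 digest is always 20 bytes
		return "", errors.New("thumbprint is not a 20-byte SHA-1 digest")
	}
	return strings.ToUpper(hex.EncodeToString(raw)), nil
}

// PaddedDecodeError shows why the first attempt failed: a decoder that expects
// '=' padding rejects the 27-character value at its final, short group.
func PaddedDecodeError(s string) error {
	_, err := base64.URLEncoding.DecodeString(s)
	return err
}

func main() {
	fmt.Println("padded decoder:", PaddedDecodeError(sdkBase64URL))
	for _, in := range []string{sdkBase64URL, cliBase64} {
		h, err := ThumbprintHex(in)
		fmt.Println(in, "->", h, err, h == cliHex)
	}
}
```

The 20-byte length check rejects values that decode cleanly but are not SHA-1 thumbprints, which is worth keeping when the result is fed into another resource as a certificate identifier.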

@ghost
Author

ghost commented Mar 6, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 6, 2019