New DataSource: azurerm_key_vault_certificates
#19498
Conversation
There was a problem hiding this comment.
Thanks @harshavmb, looks good overall but we have a test failure:
------- Stdout: -------
=== RUN TestAccDataSourceKeyVaultCertificates_basic
=== PAUSE TestAccDataSourceKeyVaultCertificates_basic
=== CONT TestAccDataSourceKeyVaultCertificates_basic
testcase.go:110: Step 1/1 error: Error running apply: exit status 1
Error: making Read request on Azure KeyVault "Vault: (Name \"acctestkeyvaultoo3qd\" / Resource Group \"acctestRG-221205172152005995\")": keyvault.BaseClient#GetCertificates: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=*******;oid=3aa04c8c-5a75-4e5e-9117-1b7cf6f33e21;numgroups=9;iss=https://sts.windows.net/*******/' does not have certificates list permission on key vault 'acctestkeyvaultoo3qd;location=westus2'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"ForbiddenByPolicy"}
with data.azurerm_key_vault_certificates.test,
on terraform_plugin_test.tf line 157, in data "azurerm_key_vault_certificates" "test":
157: data "azurerm_key_vault_certificates" "test" {
--- FAIL: TestAccDataSourceKeyVaultCertificates_basic (474.80s)
FAIL
Hello @katbyte , I've added missing permissions for tests to succeed. |
There was a problem hiding this comment.
hey @harshavmb
Thanks for this PR - I've taken a look through and left some comments inline, but if we can fix those up then we should be able to take another look/get this merged 👍
Thanks!
internal/services/keyvault/key_vault_certificates_data_source.go
Outdated
Show resolved
Hide resolved
internal/services/keyvault/key_vault_certificates_data_source.go
Outdated
Show resolved
Hide resolved
internal/services/keyvault/key_vault_certificates_data_source.go
Outdated
Show resolved
Hide resolved
| check.That(data.ResourceName).Key("names.#").HasValue("9"), | ||
| ), | ||
| }, | ||
| }) | ||
| } | ||
|
|
||
| func (KeyVaultCertificatesDataSource) basic(data acceptance.TestData) string { | ||
| return fmt.Sprintf(` | ||
| %s | ||
|
|
||
| resource "azurerm_key_vault_certificate" "test2" { | ||
| count = 10 |
There was a problem hiding this comment.
we're creating 10 of these, so this would indicate that we're not paging or something?
There was a problem hiding this comment.
Paging happens after 25 resources as per doc here.
So, left untouched.
There was a problem hiding this comment.
so could we create 26 for test purposes to check we cross the boundary?
Hi @tombuildsstuff , I've made changes as per your review. Let me know if it looks good. |
harshavmb
requested review from
tombuildsstuff and
katbyte
and removed request for
katbyte and
tombuildsstuff
| check.That(data.ResourceName).Key("names.#").HasValue("9"), | ||
| ), | ||
| }, | ||
| }) | ||
| } | ||
|
|
||
| func (KeyVaultCertificatesDataSource) basic(data acceptance.TestData) string { | ||
| return fmt.Sprintf(` | ||
| %s | ||
|
|
||
| resource "azurerm_key_vault_certificate" "test2" { | ||
| count = 10 |
There was a problem hiding this comment.
so could we create 26 for test purposes to check we cross the boundary?
Sure, I've increased tests to 30 now just to be in sync with From my state file ::
|
harshavmb
requested review from
katbyte and
tombuildsstuff
and removed request for
katbyte
There was a problem hiding this comment.
Thanks @harshavmb - looks good aside from a test failure:
------- Stdout: -------
=== RUN TestAccDataSourceKeyVaultCertificates_basic
=== PAUSE TestAccDataSourceKeyVaultCertificates_basic
=== CONT TestAccDataSourceKeyVaultCertificates_basic
testcase.go:110: Step 1/1 error: Error running apply: exit status 1
Error: A resource with the ID "/subscriptions/*******/resourceGroups/acctestRG-221219175714268125/providers/Microsoft.KeyVault/vaults/acctestkeyvault8ck08/objectId/3aa04c8c-5a75-4e5e-9117-1b7cf6f33e21" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_access_policy" for more information.
with azurerm_key_vault_access_policy.certificates,
on terraform_plugin_test.tf line 157, in resource "azurerm_key_vault_access_policy" "certificates":
157: resource "azurerm_key_vault_access_policy" "certificates" {
Error: retrieving Vault: (Name "acctestkeyvault8ck08" / Resource Group "acctestRG-221219175714268125"): keyvault.BaseClient#GetCertificates: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=*******;oid=3aa04c8c-5a75-4e5e-9117-1b7cf6f33e21;numgroups=9;iss=https://sts.windows.net/*******/' does not have certificates list permission on key vault 'acctestkeyvault8ck08;location=westeurope'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"ForbiddenByPolicy"}
with data.azurerm_key_vault_certificates.test,
on terraform_plugin_test.tf line 172, in data "azurerm_key_vault_certificates" "test":
172: data "azurerm_key_vault_certificates" "test" {
--- FAIL: TestAccDataSourceKeyVaultCertificates_basic (769.17s)
FAIL
once thats fixed up this should be good to merge!
|
@harshavmb I really like, to have this data source. Do you know, if you have time to look at this in the near future? |
I tried my best to push for this PR. If tests are failing due to 403 error, I'm not going to do anything. Also, I can't test on my Azure environment as resource group creation is restricted. |
There was a problem hiding this comment.
Hey @harshavmb, the test isn't passing because of a 403 but because we're managing certificate access policies in the template but you've declared a resource to manage certificate access policies so Terraform is stuck.
Error: A resource with the ID "/subscriptions/*******/resourceGroups/acctestRG-221219175714268125/providers/Microsoft.KeyVault/vaults/acctestkeyvault8ck08/objectId/3aa04c8c-5a75-4e5e-9117-1b7cf6f33e21" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_access_policy" for more information.
I've detailed how to fix this in a comment below
| key_vault_id = azurerm_key_vault.test.id | ||
| } | ||
|
|
||
| resource "azurerm_key_vault_access_policy" "certificates" { |
There was a problem hiding this comment.
There is an issue with this resource because we're managing certificate access policies inside of the template. If you remove resource "azurerm_key_vault_access_policy" "certificates" { and add "List" to the linked block, this test should pass
…ough resource template as per review
harshavmb
requested review from
mbfrahry
and removed request for
tombuildsstuff
|
Hi @mbfrahry , I've pushed changes as you asked. Please let me know if tests run fine now. |
| { | ||
| Config: r.basic(data), | ||
| Check: acceptance.ComposeTestCheckFunc( | ||
| check.That(data.ResourceName).Key("names.#").HasValue("9"), |
There was a problem hiding this comment.
| check.That(data.ResourceName).Key("names.#").HasValue("9"), | |
| check.That(data.ResourceName).Key("names.#").HasValue("31"), |
There was a problem hiding this comment.
i can't edit this PR, @harshavmb once this change is made this is good to go
There was a problem hiding this comment.
Hi @katbyte ,
I've pushed the change from my end.
mbfrahry
changed the title
azurerm_key_vault_certificates
|
This functionality has been released in v3.41.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Support new data source azurerm_key_vault_certificates
Fixes 19451