diff --git a/azurerm/internal/services/servicefabric/resource_arm_service_fabric_cluster.go b/azurerm/internal/services/servicefabric/resource_arm_service_fabric_cluster.go index 55d889d16922..21cd3b610d40 100644 --- a/azurerm/internal/services/servicefabric/resource_arm_service_fabric_cluster.go +++ b/azurerm/internal/services/servicefabric/resource_arm_service_fabric_cluster.go @@ -204,7 +204,6 @@ func resourceArmServiceFabricCluster() *schema.Resource { "client_certificate_thumbprint": { Type: schema.TypeList, Optional: true, - MaxItems: 2, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "thumbprint": { diff --git a/azurerm/internal/services/servicefabric/tests/resource_arm_service_fabric_cluster_test.go b/azurerm/internal/services/servicefabric/tests/resource_arm_service_fabric_cluster_test.go index ff4c44dd2b7e..08719913987d 100644 --- a/azurerm/internal/services/servicefabric/tests/resource_arm_service_fabric_cluster_test.go +++ b/azurerm/internal/services/servicefabric/tests/resource_arm_service_fabric_cluster_test.go @@ -363,6 +363,25 @@ func TestAccAzureRMServiceFabricCluster_clientCertificateThumbprint(t *testing.T }) } +func TestAccAzureRMServiceFabricCluster_withMultipleClientCertificateThumbprints(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_service_fabric_cluster", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMServiceFabricClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMServiceFabricCluster_withMultipleClientCertificateThumbprints(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMServiceFabricClusterExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + func TestAccAzureRMServiceFabricCluster_clientCertificateCommonNames(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_service_fabric_cluster", "test") @@ -1108,6 +1127,65 @@ resource "azurerm_service_fabric_cluster" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } +func testAccAzureRMServiceFabricCluster_withMultipleClientCertificateThumbprints(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-cluster-%d" + location = "%s" +} + +resource "azurerm_service_fabric_cluster" "test" { + name = "acctest-cluster-%d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + reliability_level = "Bronze" + upgrade_mode = "Automatic" + vm_image = "Windows" + management_endpoint = "https://example:80" + + certificate { + thumbprint = "3341DB6CF2AF72C611DF3BE3721A653AF1D43ECD50F584F828793DBE9103C3EE" + x509_store_name = "My" + } + + client_certificate_thumbprint { + thumbprint = "1341DB6CF2AF72C611DF3BE3721A653AF1D43ECD50F584F828793DBE9103C3EE" + is_admin = true + } + + client_certificate_thumbprint { + thumbprint = "2341DB6CF2AF72C611DF3BE3721A653AF1D43ECD50F584F828793DBE9103C3EE" + is_admin = false + } + + client_certificate_thumbprint { + thumbprint = "3341DB6CF2AF72C611DF3BE3721A653AF1D43ECD50F584F828793DBE9103C3EE" + is_admin = true + } + + fabric_settings { + name = "Security" + + parameters = { + "ClusterProtectionLevel" = "EncryptAndSign" + } + } + + node_type { + name = "first" + instance_count = 3 + is_primary = true + client_endpoint_port = 2020 + http_endpoint_port = 80 + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + func testAccAzureRMServiceFabricCluster_clientCertificateCommonNames(data acceptance.TestData) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { diff --git a/website/docs/r/service_fabric_cluster.html.markdown b/website/docs/r/service_fabric_cluster.html.markdown index 43532900b611..a0d15182c6b5 100644 --- a/website/docs/r/service_fabric_cluster.html.markdown +++ b/website/docs/r/service_fabric_cluster.html.markdown @@ -74,7 +74,7 @@ The following arguments are supported: * `reverse_proxy_certificate` - (Optional) A `reverse_proxy_certificate` block as defined below. -* `client_certificate_thumbprint` - (Optional) One or two `client_certificate_thumbprint` blocks as defined below. +* `client_certificate_thumbprint` - (Optional) A `client_certificate_thumbprint` block as defined below. * `client_certificate_common_name` - (Optional) A `client_certificate_common_name` block as defined below.