hashicorp · tombuildsstuff · Oct 10, 2017 · Oct 9, 2017 · Oct 10, 2017 · Oct 10, 2017
diff --git a/azurerm/import_arm_key_vault_certificate_test.go b/azurerm/import_arm_key_vault_certificate_test.go
@@ -0,0 +1,55 @@
+package azurerm
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccAzureRMKeyVaultCertificate_importPFX(t *testing.T) {
+	resourceName := "azurerm_key_vault_certificate.test"
+
+	rs := acctest.RandString(6)
+	config := testAccAzureRMKeyVaultCertificate_basicImportPFX(rs, testLocation())
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMKeyVaultCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"certificate"},
+			},
+		},
+	})
+}
+
+func TestAccAzureRMKeyVaultCertificate_importGenerated(t *testing.T) {
+	resourceName := "azurerm_key_vault_certificate.test"
+
+	rs := acctest.RandString(6)
+	config := testAccAzureRMKeyVaultCertificate_basicGenerate(rs, testLocation())
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMKeyVaultCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
diff --git a/azurerm/key_vault_child.go b/azurerm/key_vault_child.go
@@ -0,0 +1,57 @@
+package azurerm
+
+import (
+	"fmt"
+	"net/url"
+	"regexp"
+	"strings"
+)
+
+func parseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
+	// example: https://tharvey-keyvault.vault.azure.net/type/bird/fdf067c93bbb4b22bff4d8b7a9a56217
+	idURL, err := url.ParseRequestURI(id)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot parse Azure KeyVault Child Id: %s", err)
+	}
+
+	path := idURL.Path
+
+	path = strings.TrimSpace(path)
+	if strings.HasPrefix(path, "/") {
+		path = path[1:]
+	}
+
+	if strings.HasSuffix(path, "/") {
+		path = path[:len(path)-1]
+	}
+
+	components := strings.Split(path, "/")
+
+	if len(components) != 3 {
+		return nil, fmt.Errorf("Azure KeyVault Child Id should have 3 segments, got %d: '%s'", len(components), path)
+	}
+
+	childId := KeyVaultChildID{
+		KeyVaultBaseUrl: fmt.Sprintf("%s://%s/", idURL.Scheme, idURL.Host),
+		Name:            components[1],
+		Version:         components[2],
+	}
+
+	return &childId, nil
+}
+
+type KeyVaultChildID struct {
+	KeyVaultBaseUrl string
+	Name            string
+	Version         string
+}
+
+func validateKeyVaultChildName(v interface{}, k string) (ws []string, es []error) {
+	value := v.(string)
+
+	if matched := regexp.MustCompile(`^[0-9a-zA-Z-]+$`).Match([]byte(value)); !matched {
+		es = append(es, fmt.Errorf("%q may only contain alphanumeric characters and dashes", k))
+	}
+
+	return
+}
diff --git a/azurerm/key_vault_child_test.go b/azurerm/key_vault_child_test.go
@@ -0,0 +1,132 @@
+package azurerm
+
+import "testing"
+
+func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
+	cases := []struct {
+		Input       string
+		ExpectError bool
+	}{
+		{
+			Input:       "",
+			ExpectError: true,
+		},
+		{
+			Input:       "hello",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello-world",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello-world-21",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello_world_21",
+			ExpectError: true,
+		},
+		{
+			Input:       "Hello-World",
+			ExpectError: false,
+		},
+		{
+			Input:       "20202020",
+			ExpectError: false,
+		},
+		{
+			Input:       "ABC123!@£",
+			ExpectError: true,
+		},
+	}
+
+	for _, tc := range cases {
+		_, errors := validateKeyVaultChildName(tc.Input, "")
+
+		hasError := len(errors) > 0
+
+		if tc.ExpectError && !hasError {
+			t.Fatalf("Expected the Key Vault Child Name to trigger a validation error for '%s'", tc.Input)
+		}
+	}
+}
+
+func TestAccAzureRMKeyVaultChild_parseID(t *testing.T) {
+	cases := []struct {
+		Input       string
+		Expected    KeyVaultChildID
+		ExpectError bool
+	}{
+		{
+			Input:       "",
+			ExpectError: true,
+		},
+		{
+			Input:       "https://my-keyvault.vault.azure.net/secrets",
+			ExpectError: true,
+		},
+		{
+			Input:       "https://my-keyvault.vault.azure.net/secrets/bird",
+			ExpectError: true,
+		},
+		{
+			Input:       "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217",
+			ExpectError: false,
+			Expected: KeyVaultChildID{
+				Name:            "bird",
+				KeyVaultBaseUrl: "https://my-keyvault.vault.azure.net/",
+				Version:         "fdf067c93bbb4b22bff4d8b7a9a56217",
+			},
+		},
+		{
+			Input:       "https://my-keyvault.vault.azure.net/certificates/hello/world",
+			ExpectError: false,
+			Expected: KeyVaultChildID{
+				Name:            "hello",
+				KeyVaultBaseUrl: "https://my-keyvault.vault.azure.net/",
+				Version:         "world",
+			},
+		},
+		{
+			Input:       "https://my-keyvault.vault.azure.net/keys/castle/1492",
+			ExpectError: false,
+			Expected: KeyVaultChildID{
+				Name:            "castle",
+				KeyVaultBaseUrl: "https://my-keyvault.vault.azure.net/",
+				Version:         "1492",
+			},
+		},
+		{
+			Input:       "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217/XXX",
+			ExpectError: true,
+		},
+	}
+
+	for _, tc := range cases {
+		secretId, err := parseKeyVaultChildID(tc.Input)
+		if err != nil {
+			if !tc.ExpectError {
+				t.Fatalf("Got error for ID '%s': %+v", tc.Input, err)
+			}
+
+			return
+		}
+
+		if secretId == nil {
+			t.Fatalf("Expected a SecretID to be parsed for ID '%s', got nil.", tc.Input)
+		}
+
+		if tc.Expected.KeyVaultBaseUrl != secretId.KeyVaultBaseUrl {
+			t.Fatalf("Expected 'KeyVaultBaseUrl' to be '%s', got '%s' for ID '%s'", tc.Expected.KeyVaultBaseUrl, secretId.KeyVaultBaseUrl, tc.Input)
+		}
+
+		if tc.Expected.Name != secretId.Name {
+			t.Fatalf("Expected 'Version' to be '%s', got '%s' for ID '%s'", tc.Expected.Name, secretId.Name, tc.Input)
+		}
+
+		if tc.Expected.Version != secretId.Version {
+			t.Fatalf("Expected 'Version' to be '%s', got '%s' for ID '%s'", tc.Expected.Version, secretId.Version, tc.Input)
+		}
+	}
+}
diff --git a/azurerm/provider.go b/azurerm/provider.go
@@ -110,6 +110,7 @@ func Provider() terraform.ResourceProvider {
 			"azurerm_express_route_circuit":       resourceArmExpressRouteCircuit(),
 			"azurerm_image":                       resourceArmImage(),
 			"azurerm_key_vault":                   resourceArmKeyVault(),
+			"azurerm_key_vault_certificate":       resourceArmKeyVaultCertificate(),
 			"azurerm_key_vault_key":               resourceArmKeyVaultKey(),
 			"azurerm_key_vault_secret":            resourceArmKeyVaultSecret(),
 			"azurerm_lb":                          resourceArmLoadBalancer(),

diff --git a/azurerm/resource_arm_key_vault.go b/azurerm/resource_arm_key_vault.go
@@ -46,7 +46,7 @@ func resourceArmKeyVault() *schema.Resource {
 			"resource_group_name": resourceGroupNameSchema(),
 
 			"sku": {
-				Type:     schema.TypeSet,
+				Type:     schema.TypeList,
 				Required: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -288,7 +288,7 @@ func resourceArmKeyVaultDelete(d *schema.ResourceData, meta interface{}) error {
 }
 
 func expandKeyVaultSku(d *schema.ResourceData) *keyvault.Sku {
-	skuSets := d.Get("sku").(*schema.Set).List()
+	skuSets := d.Get("sku").([]interface{})
 	sku := skuSets[0].(map[string]interface{})
 
 	return &keyvault.Sku{