Add azurerm_key_vault_certificate_issuer

[sirlatrom]

Fixes #7073.

[sirlatrom]

I've only been force-pushing to keep up to date with master. Other than that this should be ready.

[sirlatrom]

@katbyte @tombuildsstuff I've been using this for a while and seems to work fine; is there anything missing?

[sirlatrom]

It is required when you have an actual account with the provider, e.g. DigiCert.

…

On Sun, 14 Jun 2020, 19:41 Paul Wiens, ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In website/docs/r/key_vault_certificate_issuer.html.markdown <#7074 (comment)> : > + +resource "azurerm_key_vault_certificate_issuer" "example" { + name = "example-issuer" + org_id = "0000" + key_vault_id = data.azurerm_key_vault.example.id + provider_name = "DigiCert" + account_id = "0000" + password = "example-password" +} +``` + +## Arguments Reference + +The following arguments are supported: + +* `account_id` - (Required) The account number with the third-party Certificate Issuer. This isn't actually required. I have a fork that implements this same resource provider and passing anything other than key_keyvault_id, provider_name, and name isn't required. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#7074 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADH5IMHXU6PNBKEQW4HBI3RWUDS7ANCNFSM4NJV3R5A> .

[pwiens]

I would love it if this got merged. I've been waiting for this feature since 2.0

[sirlatrom]

Rebased on the main branch and resolved contention from the newly added azurerm_key_vault_certificate datasource.

[sirlatrom]

I'd love for this to get merged too.

@pwiens Was it company policy or something that prevented you from contributing your fork?

[pwiens]

@sirlatrom This is the first time I've touched go code and I didn't feel comfortable enough putting together a PR with decent tests. I was going to invest some time in doing that but I saw your PR and the issue you opened. Thanks for taking the time to do the work.

[jackofallops]

Hi @sirlatrom
Thanks for this PR for new resource and data source, it's off to a good start, and apologies for the fairly rushed review here (but I did promise I'd try to get to it today!).

I've made some comments and suggestions below on the code. I've not covered the testing or docs fully yet, but I'll loop back to that after you've had a look at the review so far. (I will mention that the tests for the data source are missing and we would want to see a requiresImport and an update test on the resource.)

[jackofallops]

I think these should probably be nil checked before setting, if the response is missing elements for some reason we'll get a panic here.

[jackofallops]

These (OrganizationDetails and Credentials) are potentially nil, so should probably be nil checked before attempting to set the schema attributes to the values contained within to avoid panic.

[jackofallops]

We should get the information to make the Read call from the ID in the state (using d.Id()), rather than the config, this allows us to understand the difference between the config and what Terraform last knew about.

[jackofallops]

As above, re: removing duplication of the word Error from message output

[jackofallops]

As with Read, Delete should use the state for this information.

[sirlatrom]

@jackofallops Just missing the datasource tests now, but perhaps you could already now validate the changes to the rest of the PR?

[sirlatrom]

@jackofallops I've added a very basic test of the datasource. What is the expected level of detail?

[jackofallops]

@jackofallops I've added a very basic test of the datasource. What is the expected level of detail?

Thanks! Usually we create an example resource and ensure that each expected exported attribute in the data source is populated as expected. I'll re-review now, sorry for the delay in looping back.

[jackofallops]

Hi @sirlatrom
Thanks for the updates and great work so far, a few more changes noted below (sorry, I missed a couple things last pass). I've also left a question around the change to the custom poller for certificate creation, if you can explain the scenario you're looking to mitigate I can review that again.

Thanks again!

[sirlatrom]

Hi @jackofallops,

A quick answer regarding the poller: Our issuer turns out to include manual processing on the issuer's side, with an initial estimated time returned in a message that would be frail to parse. They do however have a SLA that should fall within the updated timeouts. Alternatively, the timeouts could be exposed as attributes, too.

I'll handle the other review items early next week.

[sirlatrom]

@tombuildsstuff @jackofallops I've applied your suggestions and also rebased on origin/mastermain to ensure the branch is sufficiently up to date.

[jackofallops]

Thanks @sirlatrom - I've just fixed a minor issue we introduced along the way, so hopefully travis will be happy now. As soon as that goes green I think we're good to rerun the tests and, all being well, get this merged in.

[jackofallops]

Tests re-run and passing after changes:

[ghost]

This has been released in version 2.18.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.18.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!