Add table azure_key_vault_certificate Closes #633

turbot · Nov 30, 2023 · 7f9b336 · 7f9b336
1 parent 10e0689
commit 7f9b336
Show file tree

Hide file tree

Showing 12 changed files with 558 additions and 0 deletions.
diff --git a/azure-test/tests/azure_key_vault_certificate/test-get-expected.json b/azure-test/tests/azure_key_vault_certificate/test-get-expected.json
@@ -0,0 +1,6 @@
+[
+  {
+    "id": "{{ output.resource_id.value }}",
+    "name": "{{ resourceName }}"
+  }
+]
diff --git a/azure-test/tests/azure_key_vault_certificate/test-get-query.sql b/azure-test/tests/azure_key_vault_certificate/test-get-query.sql
@@ -0,0 +1,3 @@
+select name, id
+from azure.azure_key_vault_certificate
+where name = '{{resourceName}}' and vault_name = '{{resourceName}}'
diff --git a/azure-test/tests/azure_key_vault_certificate/test-hydrate-expected.json b/azure-test/tests/azure_key_vault_certificate/test-hydrate-expected.json
@@ -0,0 +1,7 @@
+[
+  {
+    "id": "{{ output.resource_id.value }}",
+    "name": "{{resourceName}}",
+    "vault_name": "{{resourceName}}"
+  }
+]
diff --git a/azure-test/tests/azure_key_vault_certificate/test-hydrate-query.sql b/azure-test/tests/azure_key_vault_certificate/test-hydrate-query.sql
@@ -0,0 +1,3 @@
+select name, vault_name, id
+from azure.azure_key_vault_certificate
+where name = '{{resourceName}}' and title = '{{resourceName}}'
diff --git a/azure-test/tests/azure_key_vault_certificate/test-list-expected.json b/azure-test/tests/azure_key_vault_certificate/test-list-expected.json
@@ -0,0 +1,6 @@
+[
+  {
+    "id": "{{ output.resource_id.value }}",
+    "name": "{{resourceName}}"
+  }
+]
diff --git a/azure-test/tests/azure_key_vault_certificate/test-list-query.sql b/azure-test/tests/azure_key_vault_certificate/test-list-query.sql
@@ -0,0 +1,3 @@
+select id, name
+from azure.azure_key_vault_certificate
+where name = '{{resourceName}}'
diff --git a/azure-test/tests/azure_key_vault_certificate/test-not-found-expected.json b/azure-test/tests/azure_key_vault_certificate/test-not-found-expected.json
@@ -0,0 +1 @@
+null
diff --git a/azure-test/tests/azure_key_vault_certificate/test-not-found-query.sql b/azure-test/tests/azure_key_vault_certificate/test-not-found-query.sql
@@ -0,0 +1,3 @@
+select name, akas, tags, title
+from azure.azure_key_vault_certificate
+where name = 'dummy-{{resourceName}}' and vault_name = '{{resourceName}}'
diff --git a/azure-test/tests/azure_key_vault_certificate/variables.tf b/azure-test/tests/azure_key_vault_certificate/variables.tf
@@ -0,0 +1,171 @@
+variable "resource_name" {
+  type        = string
+  default     = "turbot-test-20200125-create-update"
+  description = "Name of the resource used throughout the test."
+}
+
+variable "azure_environment" {
+  type        = string
+  default     = "public"
+  description = "Azure environment used for the test."
+}
+
+variable "azure_subscription" {
+  type        = string
+  default     = "3510ae4d-530b-497d-8f30-53c0616fc6c1"
+  description = "Azure subscription used for the test."
+}
+
+provider "azurerm" {
+  environment     = var.azure_environment
+  subscription_id = var.azure_subscription
+  features {}
+}
+
+data "azurerm_client_config" "current" {}
+
+data "null_data_source" "resource" {
+  inputs = {
+    scope = "azure:///subscriptions/${data.azurerm_client_config.current.subscription_id}"
+  }
+}
+
+resource "azurerm_resource_group" "named_test_resource" {
+  name     = var.resource_name
+  location = "West US"
+}
+
+resource "azurerm_key_vault" "example" {
+  name                       = var.resource_name
+  location                   = azurerm_resource_group.named_test_resource.location
+  resource_group_name        = azurerm_resource_group.named_test_resource.name
+  tenant_id                  = data.azurerm_client_config.current.tenant_id
+  sku_name                   = "standard"
+  soft_delete_retention_days = 7
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+
+    certificate_permissions = [
+      "Create",
+      "Delete",
+      "DeleteIssuers",
+      "Get",
+      "GetIssuers",
+      "Import",
+      "List",
+      "ListIssuers",
+      "ManageContacts",
+      "ManageIssuers",
+      "Purge",
+      "SetIssuers",
+      "Update",
+    ]
+
+    key_permissions = [
+      "Backup",
+      "Create",
+      "Decrypt",
+      "Delete",
+      "Encrypt",
+      "Get",
+      "Import",
+      "List",
+      "Purge",
+      "Recover",
+      "Restore",
+      "Sign",
+      "UnwrapKey",
+      "Update",
+      "Verify",
+      "WrapKey",
+    ]
+
+    secret_permissions = [
+      "Backup",
+      "Delete",
+      "Get",
+      "List",
+      "Purge",
+      "Recover",
+      "Restore",
+      "Set",
+    ]
+  }
+}
+
+resource "azurerm_key_vault_certificate" "example" {
+  depends_on = [azurerm_key_vault.example]
+  name         = var.resource_name
+  key_vault_id = azurerm_key_vault.example.id
+
+  certificate_policy {
+    issuer_parameters {
+      name = "Self"
+    }
+
+    key_properties {
+      exportable = true
+      key_size   = 2048
+      key_type   = "RSA"
+      reuse_key  = true
+    }
+
+    lifetime_action {
+      action {
+        action_type = "AutoRenew"
+      }
+
+      trigger {
+        days_before_expiry = 30
+      }
+    }
+
+    secret_properties {
+      content_type = "application/x-pkcs12"
+    }
+
+    x509_certificate_properties {
+      # Server Authentication = 1.3.6.1.5.5.7.3.1
+      # Client Authentication = 1.3.6.1.5.5.7.3.2
+      extended_key_usage = ["1.3.6.1.5.5.7.3.1"]
+
+      key_usage = [
+        "cRLSign",
+        "dataEncipherment",
+        "digitalSignature",
+        "keyAgreement",
+        "keyCertSign",
+        "keyEncipherment",
+      ]
+
+      subject_alternative_names {
+        dns_names = ["internal.contoso.com", "domain.hello.world"]
+      }
+
+      subject            = "CN=hello-world"
+      validity_in_months = 12
+    }
+  }
+}
+
+output "resource_aka" {
+  value = "azure://${azurerm_key_vault_certificate.example.id}"
+}
+
+output "resource_aka_lower" {
+  value = "azure://${lower(azurerm_key_vault_certificate.example.id)}"
+}
+
+output "resource_id" {
+  value = azurerm_key_vault_certificate.example.id
+}
+
+output "subscription_id" {
+  value = var.azure_subscription
+}
+
+output "resource_name" {
+  value = var.resource_name
+}
diff --git a/azure/plugin.go b/azure/plugin.go
@@ -96,6 +96,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 			"azure_iothub":                                                tableAzureIotHub(ctx),
 			"azure_iothub_dps":                                            tableAzureIotHubDps(ctx),
 			"azure_key_vault":                                             tableAzureKeyVault(ctx),
+			"azure_key_vault_certificate":                                 tableAzureKeyVaultCertificate(ctx),
 			"azure_key_vault_deleted_vault":                               tableAzureKeyVaultDeletedVault(ctx),
 			"azure_key_vault_key":                                         tableAzureKeyVaultKey(ctx),
 			"azure_key_vault_key_version":                                 tableAzureKeyVaultKeyVersion(ctx),

diff --git a/azure/table_azure_key_vault.go b/azure/table_azure_key_vault.go
@@ -251,6 +251,8 @@ func listKeyVaults(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateDa
 
 	}
 
+	plugin.Logger(ctx).Error("List Key Vaults ====>>> ", "OK")
+
 	return nil, err
 }
-Original file line number
+Diff line change
@@ Expand Up @@
     	}
+    	plugin.Logger(ctx).Error("List Key Vaults ====>>> ", "OK")
     	return nil, err
     }
@@ Expand Down @@