diff --git a/azurerm/helpers/azure/key_vault.go b/azurerm/helpers/azure/key_vault.go deleted file mode 100644 index da13379ac681..000000000000 --- a/azurerm/helpers/azure/key_vault.go +++ /dev/null @@ -1,120 +0,0 @@ -package azure - -import ( - "context" - "fmt" - - "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2019-09-01/keyvault" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" -) - -func GetKeyVaultBaseUrlFromID(ctx context.Context, client *keyvault.VaultsClient, keyVaultId string) (string, error) { - if keyVaultId == "" { - return "", fmt.Errorf("keyVaultId is empty") - } - - id, err := ParseAzureResourceID(keyVaultId) - if err != nil { - return "", err - } - resourceGroup := id.ResourceGroup - - vaultName, ok := id.Path["vaults"] - if !ok { - return "", fmt.Errorf("resource id does not contain `vaults`: %q", keyVaultId) - } - - resp, err := client.Get(ctx, resourceGroup, vaultName) - if err != nil { - if utils.ResponseWasNotFound(resp.Response) { - return "", fmt.Errorf("failed to find KeyVault %q (Resource Group %q): %+v", vaultName, resourceGroup, err) - } - return "", fmt.Errorf("failed to make Read request on KeyVault %q (Resource Group %q): %+v", vaultName, resourceGroup, err) - } - - if resp.Properties == nil || resp.Properties.VaultURI == nil { - return "", fmt.Errorf("vault (%s) response properties or VaultURI is nil", keyVaultId) - } - - return *resp.Properties.VaultURI, nil -} - -func GetKeyVaultIDFromBaseUrl(ctx context.Context, client *keyvault.VaultsClient, keyVaultUrl string) (*string, error) { - list, err := client.ListComplete(ctx, utils.Int32(1000)) - if err != nil { - return nil, fmt.Errorf("failed to list Key Vaults %v", err) - } - - for list.NotDone() { - v := list.Value() - - if v.ID == nil { - return nil, fmt.Errorf("v.ID was nil") - } - - vid, err := ParseAzureResourceID(*v.ID) - if err != nil { - return nil, fmt.Errorf("failed to parse ID for Key Vault URI %q: %s", *v.ID, err) - } - resourceGroup := vid.ResourceGroup - name := vid.Path["vaults"] - - // resp does not appear to contain the vault properties, so lets fetch them - get, err := client.Get(ctx, resourceGroup, name) - if err != nil { - if utils.ResponseWasNotFound(get.Response) { - if e := list.NextWithContext(ctx); e != nil { - return nil, fmt.Errorf("failed to get next vault on KeyVault url %q : %+v", keyVaultUrl, err) - } - continue - } - return nil, fmt.Errorf("failed to make Read request on KeyVault %q (Resource Group %q): %+v", name, resourceGroup, err) - } - - if get.ID == nil || get.Properties == nil || get.Properties.VaultURI == nil { - return nil, fmt.Errorf("KeyVault %q (Resource Group %q) has nil ID, properties or vault URI", name, resourceGroup) - } - - if keyVaultUrl == *get.Properties.VaultURI { - return get.ID, nil - } - - if e := list.NextWithContext(ctx); e != nil { - return nil, fmt.Errorf("failed to get next vault on KeyVault url %q : %+v", keyVaultUrl, err) - } - } - - // we haven't found it, but Data Sources and Resources need to handle this error separately - return nil, nil -} - -func KeyVaultExists(ctx context.Context, client *keyvault.VaultsClient, keyVaultId string) (bool, error) { - if keyVaultId == "" { - return false, fmt.Errorf("keyVaultId is empty") - } - - id, err := ParseAzureResourceID(keyVaultId) - if err != nil { - return false, err - } - resourceGroup := id.ResourceGroup - - vaultName, ok := id.Path["vaults"] - if !ok { - return false, fmt.Errorf("resource id does not contain `vaults`: %q", keyVaultId) - } - - resp, err := client.Get(ctx, resourceGroup, vaultName) - if err != nil { - if utils.ResponseWasNotFound(resp.Response) { - return false, nil - } - return false, fmt.Errorf("failed to make Read request on KeyVault %q (Resource Group %q): %+v", vaultName, resourceGroup, err) - } - - if resp.Properties == nil || resp.Properties.VaultURI == nil { - return false, fmt.Errorf("vault (%s) response properties or VaultURI is nil", keyVaultId) - } - - return true, nil -} diff --git a/azurerm/internal/services/compute/disk_encryption_set_resource.go b/azurerm/internal/services/compute/disk_encryption_set_resource.go index 82171706aeca..60dae2b3db89 100644 --- a/azurerm/internal/services/compute/disk_encryption_set_resource.go +++ b/azurerm/internal/services/compute/disk_encryption_set_resource.go @@ -7,15 +7,16 @@ import ( "time" "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2020-06-01/compute" - "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2019-09-01/keyvault" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/compute/parse" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/client" keyVaultParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate" + resourcesClient "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/client" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags" azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" @@ -94,7 +95,8 @@ func resourceDiskEncryptionSet() *schema.Resource { func resourceDiskEncryptionSetCreate(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).Compute.DiskEncryptionSetsClient - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -112,7 +114,7 @@ func resourceDiskEncryptionSetCreate(d *schema.ResourceData, meta interface{}) e } keyVaultKeyId := d.Get("key_vault_key_id").(string) - keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, vaultClient, keyVaultKeyId) + keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, keyVaultsClient, resourcesClient, keyVaultKeyId) if err != nil { return fmt.Errorf("Error validating Key Vault Key %q for Disk Encryption Set: %+v", keyVaultKeyId, err) } @@ -204,7 +206,8 @@ func resourceDiskEncryptionSetRead(d *schema.ResourceData, meta interface{}) err func resourceDiskEncryptionSetUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).Compute.DiskEncryptionSetsClient - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -220,7 +223,7 @@ func resourceDiskEncryptionSetUpdate(d *schema.ResourceData, meta interface{}) e if d.HasChange("key_vault_key_id") { keyVaultKeyId := d.Get("key_vault_key_id").(string) - keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, vaultClient, keyVaultKeyId) + keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, keyVaultsClient, resourcesClient, keyVaultKeyId) if err != nil { return fmt.Errorf("Error validating Key Vault Key %q for Disk Encryption Set: %+v", keyVaultKeyId, err) } @@ -312,12 +315,12 @@ type diskEncryptionSetKeyVault struct { softDeleteEnabled bool } -func diskEncryptionSetRetrieveKeyVault(ctx context.Context, client *keyvault.VaultsClient, id string) (*diskEncryptionSetKeyVault, error) { +func diskEncryptionSetRetrieveKeyVault(ctx context.Context, keyVaultsClient *client.Client, resourcesClient *resourcesClient.Client, id string) (*diskEncryptionSetKeyVault, error) { keyVaultKeyId, err := keyVaultParse.ParseNestedItemID(id) if err != nil { return nil, err } - keyVaultID, err := azure.GetKeyVaultIDFromBaseUrl(ctx, client, keyVaultKeyId.KeyVaultBaseUrl) + keyVaultID, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultKeyId.KeyVaultBaseUrl) if err != nil { return nil, fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", keyVaultKeyId.KeyVaultBaseUrl, err) } @@ -325,17 +328,14 @@ func diskEncryptionSetRetrieveKeyVault(ctx context.Context, client *keyvault.Vau return nil, fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", keyVaultKeyId.KeyVaultBaseUrl) } - // TODO: use keyvault's custom ID parse function when implemented - parsedKeyVaultID, err := azure.ParseAzureResourceID(*keyVaultID) + parsedKeyVaultID, err := keyVaultParse.VaultID(*keyVaultID) if err != nil { - return nil, fmt.Errorf("Error parsing ID for keyvault in Disk Encryption Set: %+v", err) + return nil, err } - resourceGroup := parsedKeyVaultID.ResourceGroup - vaultName := parsedKeyVaultID.Path["vaults"] - resp, err := client.Get(ctx, resourceGroup, vaultName) + resp, err := keyVaultsClient.VaultsClient.Get(ctx, parsedKeyVaultID.ResourceGroup, parsedKeyVaultID.Name) if err != nil { - return nil, fmt.Errorf("Error retrieving KeyVault %q (Resource Group %q): %+v", vaultName, resourceGroup, err) + return nil, fmt.Errorf("retrieving %s: %+v", *parsedKeyVaultID, err) } purgeProtectionEnabled := false @@ -353,8 +353,8 @@ func diskEncryptionSetRetrieveKeyVault(ctx context.Context, client *keyvault.Vau return &diskEncryptionSetKeyVault{ keyVaultId: *keyVaultID, - resourceGroupName: resourceGroup, - keyVaultName: vaultName, + resourceGroupName: parsedKeyVaultID.ResourceGroup, + keyVaultName: parsedKeyVaultID.Name, purgeProtectionEnabled: purgeProtectionEnabled, softDeleteEnabled: softDeleteEnabled, }, nil diff --git a/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go b/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go index 6afc2ff6d728..21db2c2456e3 100644 --- a/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go +++ b/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go @@ -101,22 +101,21 @@ func resourceDataFactoryLinkedServiceKeyVault() *schema.Resource { func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).DataFactory.LinkedServiceClient - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) dataFactoryName := d.Get("data_factory_name").(string) resourceGroup := d.Get("resource_group_name").(string) - keyVaultIdRaw := d.Get("key_vault_id").(string) - _, err := keyVaultParse.VaultID(keyVaultIdRaw) + keyVaultId, err := keyVaultParse.VaultID(d.Get("key_vault_id").(string)) if err != nil { return err } - keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultIdRaw) + keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultIdRaw, err) + return err } if d.IsNewResource() { @@ -133,7 +132,7 @@ func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData } azureKeyVaultProperties := &datafactory.AzureKeyVaultLinkedServiceTypeProperties{ - BaseURL: utils.String(keyVaultBaseUri), + BaseURL: keyVaultBaseUri, } azureKeyVaultLinkedService := &datafactory.AzureKeyVaultLinkedService{ @@ -183,7 +182,8 @@ func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData func resourceDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).DataFactory.LinkedServiceClient - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -245,11 +245,13 @@ func resourceDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta i } } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, baseUrl) - if err != nil { - return fmt.Errorf("Error looking up Key Vault id from url %q: %+v", baseUrl, err) + var keyVaultId *string + if baseUrl != "" { + keyVaultId, err = keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, baseUrl) + if err != nil { + return err + } } - d.Set("key_vault_id", keyVaultId) return nil diff --git a/azurerm/internal/services/keyvault/client/helpers.go b/azurerm/internal/services/keyvault/client/helpers.go index d377a734c408..48f46542c3d0 100644 --- a/azurerm/internal/services/keyvault/client/helpers.go +++ b/azurerm/internal/services/keyvault/client/helpers.go @@ -8,6 +8,7 @@ import ( "sync" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" + resource "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/client" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) @@ -28,8 +29,10 @@ func (c *Client) AddToCache(keyVaultId parse.VaultId, dataPlaneUri string) { } } -// nolint: deadcode unused func (c *Client) BaseUriForKeyVault(ctx context.Context, keyVaultId parse.VaultId) (*string, error) { + if lock[keyVaultId.Name] == nil { + lock[keyVaultId.Name] = &sync.RWMutex{} + } lock[keyVaultId.Name].Lock() defer lock[keyVaultId.Name].Unlock() @@ -48,8 +51,10 @@ func (c *Client) BaseUriForKeyVault(ctx context.Context, keyVaultId parse.VaultI return resp.Properties.VaultURI, nil } -// nolint: deadcode unused func (c *Client) Exists(ctx context.Context, keyVaultId parse.VaultId) (bool, error) { + if lock[keyVaultId.Name] == nil { + lock[keyVaultId.Name] = &sync.RWMutex{} + } lock[keyVaultId.Name].Lock() defer lock[keyVaultId.Name].Unlock() @@ -74,57 +79,52 @@ func (c *Client) Exists(ctx context.Context, keyVaultId parse.VaultId) (bool, er return true, nil } -// nolint: deadcode unused -func (c *Client) KeyVaultIDFromBaseUrl(ctx context.Context, keyVaultBaseUrl string) (*string, error) { +func (c *Client) KeyVaultIDFromBaseUrl(ctx context.Context, resourcesClient *resource.Client, keyVaultBaseUrl string) (*string, error) { keyVaultName, err := c.parseNameFromBaseUrl(keyVaultBaseUrl) if err != nil { return nil, err } + if lock[*keyVaultName] == nil { + lock[*keyVaultName] = &sync.RWMutex{} + } lock[*keyVaultName].Lock() defer lock[*keyVaultName].Unlock() - list, err := c.VaultsClient.ListComplete(ctx, utils.Int32(1000)) + filter := fmt.Sprintf("resourceType eq 'Microsoft.KeyVault/vaults' and name eq '%s'", *keyVaultName) + result, err := resourcesClient.ResourcesClient.List(ctx, filter, "", utils.Int32(5)) if err != nil { - return nil, fmt.Errorf("failed to list Key Vaults %v", err) + return nil, fmt.Errorf("listing resources matching %q: %+v", filter, err) } - // TODO: make this more efficient - for list.NotDone() { - v := list.Value() - - if v.ID == nil { - return nil, fmt.Errorf("v.ID was nil") - } - - id, err := parse.VaultID(*v.ID) - if err != nil { - return nil, err - } + for result.NotDone() { + for _, v := range result.Values() { + if v.ID == nil { + continue + } - // resp does not appear to contain the vault properties, so lets fetch them - get, err := c.VaultsClient.Get(ctx, id.ResourceGroup, id.Name) - if err != nil { - if utils.ResponseWasNotFound(get.Response) { - if e := list.NextWithContext(ctx); e != nil { - return nil, fmt.Errorf("failed to get next vault on KeyVault url %q : %+v", keyVaultBaseUrl, err) - } + id, err := parse.VaultID(*v.ID) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", *v.ID, err) + } + if id.Name != *keyVaultName { continue } - return nil, fmt.Errorf("retrieving %s: %+v", *id, err) - } - if get.ID == nil || get.Properties == nil || get.Properties.VaultURI == nil { - return nil, fmt.Errorf("%s has nil ID, properties or vault URI", *id) - } + props, err := c.VaultsClient.Get(ctx, id.ResourceGroup, id.Name) + if err != nil { + return nil, fmt.Errorf("retrieving %s: %+v", *id, err) + } + if props.Properties == nil || props.Properties.VaultURI == nil { + return nil, fmt.Errorf("retrieving %s: `properties.VaultUri` was nil", *id) + } - if keyVaultBaseUrl == *get.Properties.VaultURI { - c.AddToCache(*id, *get.Properties.VaultURI) - return get.ID, nil + c.AddToCache(*id, *props.Properties.VaultURI) + return utils.String(id.ID()), nil } - if e := list.NextWithContext(ctx); e != nil { - return nil, fmt.Errorf("failed to get next vault on KeyVault url %q : %+v", keyVaultBaseUrl, err) + if err := result.NextWithContext(ctx); err != nil { + return nil, fmt.Errorf("iterating over results: %+v", err) } } @@ -133,7 +133,11 @@ func (c *Client) KeyVaultIDFromBaseUrl(ctx context.Context, keyVaultBaseUrl stri } func (c *Client) Purge(keyVaultId parse.VaultId) { - // TODO: hook this up + if lock[keyVaultId.Name] == nil { + lock[keyVaultId.Name] = &sync.RWMutex{} + } + lock[keyVaultId.Name].Lock() + defer lock[keyVaultId.Name].Unlock() delete(keyVaultsCache, keyVaultId.Name) } diff --git a/azurerm/internal/services/keyvault/internal.go b/azurerm/internal/services/keyvault/internal.go index 5a052f17d838..113d127cc6c6 100644 --- a/azurerm/internal/services/keyvault/internal.go +++ b/azurerm/internal/services/keyvault/internal.go @@ -10,7 +10,6 @@ import ( "github.com/Azure/go-autorest/autorest" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" @@ -126,7 +125,8 @@ func keyVaultChildItemRefreshFunc(secretUri string) resource.StateRefreshFunc { } func nestedItemResourceImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - client := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -135,7 +135,7 @@ func nestedItemResourceImporter(d *schema.ResourceData, meta interface{}) ([]*sc return []*schema.ResourceData{d}, fmt.Errorf("parsing ID %q for Key Vault Child import: %v", d.Id(), err) } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, client, id.KeyVaultBaseUrl) + keyVaultId, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return []*schema.ResourceData{d}, fmt.Errorf("retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go b/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go index ef07345e51e2..c9dc201190cb 100644 --- a/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go +++ b/azurerm/internal/services/keyvault/key_vault_certificate_data_source.go @@ -10,7 +10,6 @@ import ( "github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate" @@ -228,24 +227,27 @@ func dataSourceKeyVaultCertificate() *schema.Resource { } func dataSourceKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } version := d.Get("version").(string) - keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultId, err) + return fmt.Errorf("looking up base uri for Key %q in %s: %+v", name, *keyVaultId, err) } - cert, err := client.GetCertificate(ctx, keyVaultBaseUri, name, version) + cert, err := client.GetCertificate(ctx, *keyVaultBaseUri, name, version) if err != nil { if utils.ResponseWasNotFound(cert.Response) { - log.Printf("[DEBUG] Certificate %q was not found in Key Vault at URI %q - removing from state", name, keyVaultBaseUri) + log.Printf("[DEBUG] Certificate %q was not found in Key Vault at URI %q - removing from state", name, *keyVaultBaseUri) d.SetId("") return nil } diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_issuer_data_source.go b/azurerm/internal/services/keyvault/key_vault_certificate_issuer_data_source.go index 3c3f26ec5f9a..93e91a16ff1d 100644 --- a/azurerm/internal/services/keyvault/key_vault_certificate_issuer_data_source.go +++ b/azurerm/internal/services/keyvault/key_vault_certificate_issuer_data_source.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" @@ -77,23 +78,26 @@ func dataSourceKeyVaultCertificateIssuer() *schema.Resource { } func dataSourceKeyVaultCertificateIssuerRead(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } - keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("failed to look up Certificate Issuer %q, vault id %q: %+v", name, keyVaultId, err) + return fmt.Errorf("looking up Base URI for Certificate Issuer %q in %s: %+v", name, *keyVaultId, err) } - resp, err := client.GetCertificateIssuer(ctx, keyVaultBaseUri, name) + resp, err := client.GetCertificateIssuer(ctx, *keyVaultBaseUri, name) if err != nil { if utils.ResponseWasNotFound(resp.Response) { - return fmt.Errorf("KeyVault Certificate Issuer %q (KeyVault URI %q) does not exist", name, keyVaultBaseUri) + return fmt.Errorf("KeyVault Certificate Issuer %q (KeyVault URI %q) does not exist", name, *keyVaultBaseUri) } return fmt.Errorf("failed making Read request on Azure KeyVault Certificate Issuer %s: %+v", name, err) } diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource.go b/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource.go index d0f4015d6057..8fe354b191b6 100644 --- a/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource.go +++ b/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource.go @@ -8,7 +8,6 @@ import ( "github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" @@ -107,24 +106,27 @@ func resourceKeyVaultCertificateIssuer() *schema.Resource { } func resourceKeyVaultCertificateIssuerCreateOrUpdate(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } - keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("failed to look up Certificate Issuer %q vault url from id %q: %+v", name, keyVaultId, err) + return fmt.Errorf("retrieving base uri for %s: %+v", *keyVaultId, err) } if d.IsNewResource() { - existing, err := client.GetCertificateIssuer(ctx, keyVaultBaseUri, name) + existing, err := client.GetCertificateIssuer(ctx, *keyVaultBaseUri, name) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("failed to check for presence of existing Certificate Issuer %q (Key Vault %q): %s", name, keyVaultBaseUri, err) + return fmt.Errorf("failed to check for presence of existing Certificate Issuer %q (Key Vault %q): %s", name, *keyVaultBaseUri, err) } } @@ -156,12 +158,11 @@ func resourceKeyVaultCertificateIssuerCreateOrUpdate(d *schema.ResourceData, met } } - _, err = client.SetCertificateIssuer(ctx, keyVaultBaseUri, name, parameter) - if err != nil { + if _, err = client.SetCertificateIssuer(ctx, *keyVaultBaseUri, name, parameter); err != nil { return fmt.Errorf("failed to set Certificate Issuer %q (Key Vault %q): %s", name, keyVaultId, err) } - resp, err := client.GetCertificateIssuer(ctx, keyVaultBaseUri, name) + resp, err := client.GetCertificateIssuer(ctx, *keyVaultBaseUri, name) if err != nil { return err } @@ -175,8 +176,9 @@ func resourceKeyVaultCertificateIssuerCreateOrUpdate(d *schema.ResourceData, met } func resourceKeyVaultCertificateIssuerRead(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient client := meta.(*clients.Client).KeyVault.ManagementClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -185,22 +187,27 @@ func resourceKeyVaultCertificateIssuerRead(d *schema.ResourceData, meta interfac return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { log.Printf("[DEBUG] Unable to determine the Resource ID for the Key Vault at URL %q - removing from state!", id.KeyVaultBaseUrl) d.SetId("") return nil } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } + + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) + return fmt.Errorf("checking if %s for Certificate %q exists: %v", *keyVaultId, id.Name, err) } if !ok { - log.Printf("[DEBUG] Certificate %q Key Vault %q was not found in Key Vault at URI %q - removing from state", id.Name, *keyVaultId, id.KeyVaultBaseUrl) + log.Printf("[DEBUG] Certificate %q was not found %s - removing from state", id.Name, *keyVaultId) d.SetId("") return nil } @@ -238,7 +245,8 @@ func resourceKeyVaultCertificateIssuerRead(d *schema.ResourceData, meta interfac func resourceKeyVaultCertificateIssuerDelete(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).KeyVault.ManagementClient - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -248,14 +256,18 @@ func resourceKeyVaultCertificateIssuerDelete(d *schema.ResourceData, meta interf } // we verify it exists - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { - return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) + return fmt.Errorf("retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) + } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error checking if key vault %q for Issuer %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) + return fmt.Errorf("checking if key vault %q for Issuer %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } if !ok { diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource_test.go b/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource_test.go index f8f8480a7d45..822f60f12f10 100644 --- a/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource_test.go +++ b/azurerm/internal/services/keyvault/key_vault_certificate_issuer_resource_test.go @@ -7,7 +7,6 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance/check" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" @@ -101,19 +100,23 @@ func TestAccKeyVaultCertificateIssuer_disappears(t *testing.T) { func (r KeyVaultCertificateIssuerResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) { client := clients.KeyVault.ManagementClient - keyVaultClient := clients.KeyVault.VaultsClient + keyVaultsClient := clients.KeyVault id, err := parse.IssuerID(state.ID) if err != nil { return nil, err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) - if err != nil || keyVaultId == nil { + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, clients.Resource, id.KeyVaultBaseUrl) + if err != nil || keyVaultIdRaw == nil { return nil, fmt.Errorf("retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return nil, err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil || !ok { return nil, fmt.Errorf("checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -128,24 +131,28 @@ func (r KeyVaultCertificateIssuerResource) Exists(ctx context.Context, clients * func (r KeyVaultCertificateIssuerResource) Destroy(ctx context.Context, client *clients.Client, state *terraform.InstanceState) (*bool, error) { dataPlaneClient := client.KeyVault.ManagementClient - vaultClient := client.KeyVault.VaultsClient + keyVaultsClient := client.KeyVault name := state.Attributes["name"] - keyVaultId := state.Attributes["key_vault_id"] - vaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultId, err := parse.VaultID(state.Attributes["key_vault_id"]) + if err != nil { + return nil, err + } + + vaultBaseUrl, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { return utils.Bool(false), fmt.Errorf("failed to look up base URI from id %q: %+v", keyVaultId, err) } - ok, err := azure.KeyVaultExists(ctx, vaultClient, keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { - return nil, fmt.Errorf("failed to check if key vault %q for Certificate Issuer %q in Vault at url %q exists: %v", keyVaultId, name, vaultBaseUrl, err) + return nil, fmt.Errorf("failed to check if key vault %q for Certificate Issuer %q in Vault at url %q exists: %v", keyVaultId.ID(), name, *vaultBaseUrl, err) } if !ok { - return utils.Bool(false), fmt.Errorf("Certificate Issuer %q Key Vault %q was not found in Key Vault at URI %q", name, keyVaultId, vaultBaseUrl) + return utils.Bool(false), fmt.Errorf("Certificate Issuer %q Key Vault %q was not found in Key Vault at URI %q", name, keyVaultId.ID(), *vaultBaseUrl) } - resp, err := dataPlaneClient.DeleteCertificateIssuer(ctx, vaultBaseUrl, name) + resp, err := dataPlaneClient.DeleteCertificateIssuer(ctx, *vaultBaseUrl, name) if err != nil { if utils.ResponseWasNotFound(resp.Response) { return utils.Bool(true), nil diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_resource.go b/azurerm/internal/services/keyvault/key_vault_certificate_resource.go index 06d86bf4a71e..f2448d0b881d 100644 --- a/azurerm/internal/services/keyvault/key_vault_certificate_resource.go +++ b/azurerm/internal/services/keyvault/key_vault_certificate_resource.go @@ -16,7 +16,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" @@ -358,23 +357,26 @@ func resourceKeyVaultCertificate() *schema.Resource { } func resourceKeyVaultCertificateCreate(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } - keyVaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUrl, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error looking up Certificate %q vault url from id %q: %+v", name, keyVaultId, err) + return fmt.Errorf("looking up Base URI for Certificate %q in %s: %+v", name, *keyVaultId, err) } - existing, err := client.GetCertificate(ctx, keyVaultBaseUrl, name, "") + existing, err := client.GetCertificate(ctx, *keyVaultBaseUrl, name, "") if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("Error checking for presence of existing Certificate %q (Key Vault %q): %s", name, keyVaultBaseUrl, err) + return fmt.Errorf("checking for presence of existing Certificate %q in %s: %s", name, *keyVaultBaseUrl, err) } } @@ -394,7 +396,7 @@ func resourceKeyVaultCertificateCreate(d *schema.ResourceData, meta interface{}) CertificatePolicy: &policy, Tags: tags.Expand(t), } - if _, err := client.ImportCertificate(ctx, keyVaultBaseUrl, name, importParameters); err != nil { + if _, err := client.ImportCertificate(ctx, *keyVaultBaseUrl, name, importParameters); err != nil { return err } } else { @@ -403,9 +405,9 @@ func resourceKeyVaultCertificateCreate(d *schema.ResourceData, meta interface{}) CertificatePolicy: &policy, Tags: tags.Expand(t), } - if resp, err := client.CreateCertificate(ctx, keyVaultBaseUrl, name, parameters); err != nil { + if resp, err := client.CreateCertificate(ctx, *keyVaultBaseUrl, name, parameters); err != nil { if meta.(*clients.Client).Features.KeyVault.RecoverSoftDeletedKeyVaults && utils.ResponseWasConflict(resp.Response) { - recoveredCertificate, err := client.RecoverDeletedCertificate(ctx, keyVaultBaseUrl, name) + recoveredCertificate, err := client.RecoverDeletedCertificate(ctx, *keyVaultBaseUrl, name) if err != nil { return err } @@ -431,11 +433,11 @@ func resourceKeyVaultCertificateCreate(d *schema.ResourceData, meta interface{}) } } - log.Printf("[DEBUG] Waiting for Key Vault Certificate %q in Vault %q to be provisioned", name, keyVaultBaseUrl) + log.Printf("[DEBUG] Waiting for Key Vault Certificate %q in Vault %q to be provisioned", name, *keyVaultBaseUrl) stateConf := &resource.StateChangeConf{ Pending: []string{"Provisioning"}, Target: []string{"Ready"}, - Refresh: keyVaultCertificateCreationRefreshFunc(ctx, client, keyVaultBaseUrl, name), + Refresh: keyVaultCertificateCreationRefreshFunc(ctx, client, *keyVaultBaseUrl, name), MinTimeout: 15 * time.Second, Timeout: d.Timeout(schema.TimeoutCreate), } @@ -448,11 +450,11 @@ func resourceKeyVaultCertificateCreate(d *schema.ResourceData, meta interface{}) } if _, err := stateConf.WaitForState(); err != nil { - return fmt.Errorf("Error waiting for Certificate %q in Vault %q to become available: %s", name, keyVaultBaseUrl, err) + return fmt.Errorf("Error waiting for Certificate %q in Vault %q to become available: %s", name, *keyVaultBaseUrl, err) } } - resp, err := client.GetCertificate(ctx, keyVaultBaseUrl, name, "") + resp, err := client.GetCertificate(ctx, *keyVaultBaseUrl, name, "") if err != nil { return err } @@ -485,8 +487,9 @@ func keyVaultCertificateCreationRefreshFunc(ctx context.Context, client *keyvaul } func resourceKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -495,22 +498,27 @@ func resourceKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}) e return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { log.Printf("[DEBUG] Unable to determine the Resource ID for the Key Vault at URL %q - removing from state!", id.KeyVaultBaseUrl) d.SetId("") return nil } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) if err != nil { - return fmt.Errorf("Error checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) + return err + } + + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) + if err != nil { + return fmt.Errorf("checking if %s for Certificate %q exists: %v", *keyVaultId, id.Name, err) } if !ok { - log.Printf("[DEBUG] Certificate %q Key Vault %q was not found in Key Vault at URI %q - removing from state", id.Name, *keyVaultId, id.KeyVaultBaseUrl) + log.Printf("[DEBUG] Certificate %q was not found in %s - removing from state", id.Name, *keyVaultId) d.SetId("") return nil } @@ -568,8 +576,9 @@ func resourceKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}) e } func resourceKeyVaultCertificateDelete(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() @@ -578,15 +587,20 @@ func resourceKeyVaultCertificateDelete(d *schema.ResourceData, meta interface{}) return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { return fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", id.KeyVaultBaseUrl) } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } + + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } diff --git a/azurerm/internal/services/keyvault/key_vault_certificate_resource_test.go b/azurerm/internal/services/keyvault/key_vault_certificate_resource_test.go index 4b0749ecbd87..398fbf3dcdfc 100644 --- a/azurerm/internal/services/keyvault/key_vault_certificate_resource_test.go +++ b/azurerm/internal/services/keyvault/key_vault_certificate_resource_test.go @@ -7,7 +7,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/terraform" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance/check" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" @@ -245,7 +244,7 @@ func TestAccKeyVaultCertificate_withExternalAccessPolicy(t *testing.T) { } func (t KeyVaultCertificateResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) { - keyVaultClient := clients.KeyVault.VaultsClient + keyVaultsClient := clients.KeyVault client := clients.KeyVault.ManagementClient id, err := parse.ParseNestedItemID(state.ID) @@ -253,12 +252,15 @@ func (t KeyVaultCertificateResource) Exists(ctx context.Context, clients *client return nil, err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) - if err != nil || keyVaultId == nil { + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, clients.Resource, id.KeyVaultBaseUrl) + if err != nil || keyVaultIdRaw == nil { return nil, fmt.Errorf("retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return nil, err + } + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil || !ok { return nil, fmt.Errorf("checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -286,13 +288,17 @@ func (KeyVaultCertificateResource) destroyParentKeyVault(ctx context.Context, cl func (KeyVaultCertificateResource) Destroy(ctx context.Context, client *clients.Client, state *terraform.InstanceState) (*bool, error) { name := state.Attributes["name"] - keyVaultId := state.Attributes["key_vault_id"] - vaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, client.KeyVault.VaultsClient, keyVaultId) + keyVaultId, err := parse.VaultID(state.Attributes["key_vault_id"]) + if err != nil { + return nil, err + } + + vaultBaseUrl, err := client.KeyVault.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { return nil, fmt.Errorf("looking up base uri for Secret %q from id %q: %+v", name, keyVaultId, err) } - if _, err := client.KeyVault.ManagementClient.DeleteCertificate(ctx, vaultBaseUrl, name); err != nil { + if _, err := client.KeyVault.ManagementClient.DeleteCertificate(ctx, *vaultBaseUrl, name); err != nil { return nil, fmt.Errorf("Bad: Delete on keyVaultManagementClient: %+v", err) } diff --git a/azurerm/internal/services/keyvault/key_vault_key_data_source.go b/azurerm/internal/services/keyvault/key_vault_key_data_source.go index bc06de84b4cd..09ff80358221 100644 --- a/azurerm/internal/services/keyvault/key_vault_key_data_source.go +++ b/azurerm/internal/services/keyvault/key_vault_key_data_source.go @@ -5,7 +5,6 @@ import ( "time" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate" @@ -74,23 +73,26 @@ func dataSourceKeyVaultKey() *schema.Resource { } func dataSourceKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } - keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultId, err) } - resp, err := client.GetKey(ctx, keyVaultBaseUri, name, "") + resp, err := client.GetKey(ctx, *keyVaultBaseUri, name, "") if err != nil { if utils.ResponseWasNotFound(resp.Response) { - return fmt.Errorf("Key %q was not found in Key Vault at URI %q", name, keyVaultBaseUri) + return fmt.Errorf("Key %q was not found in Key Vault at URI %q", name, *keyVaultBaseUri) } return err @@ -103,7 +105,7 @@ func dataSourceKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error { } d.SetId(id) - d.Set("key_vault_id", keyVaultId) + d.Set("key_vault_id", keyVaultId.ID()) if key := resp.Key; key != nil { d.Set("key_type", string(key.Kty)) diff --git a/azurerm/internal/services/keyvault/key_vault_key_resource.go b/azurerm/internal/services/keyvault/key_vault_key_resource.go index a1aa9d78e6d5..caa0e623d1fa 100644 --- a/azurerm/internal/services/keyvault/key_vault_key_resource.go +++ b/azurerm/internal/services/keyvault/key_vault_key_resource.go @@ -13,7 +13,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" @@ -157,24 +156,27 @@ func resourceKeyVaultKey() *schema.Resource { } func resourceKeyVaultKeyCreate(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d) defer cancel() log.Print("[INFO] preparing arguments for AzureRM KeyVault Key creation.") name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } - keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultId, err) + return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, *keyVaultId, err) } - existing, err := client.GetKey(ctx, keyVaultBaseUri, name, "") + existing, err := client.GetKey(ctx, *keyVaultBaseUri, name, "") if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("Error checking for presence of existing Key %q (Key Vault %q): %s", name, keyVaultBaseUri, err) + return fmt.Errorf("Error checking for presence of existing Key %q (Key Vault %q): %s", name, *keyVaultBaseUri, err) } } @@ -223,9 +225,9 @@ func resourceKeyVaultKeyCreate(d *schema.ResourceData, meta interface{}) error { parameters.KeyAttributes.Expires = &expirationUnixTime } - if resp, err := client.CreateKey(ctx, keyVaultBaseUri, name, parameters); err != nil { + if resp, err := client.CreateKey(ctx, *keyVaultBaseUri, name, parameters); err != nil { if meta.(*clients.Client).Features.KeyVault.RecoverSoftDeletedKeyVaults && utils.ResponseWasConflict(resp.Response) { - recoveredKey, err := client.RecoverDeletedKey(ctx, keyVaultBaseUri, name) + recoveredKey, err := client.RecoverDeletedKey(ctx, *keyVaultBaseUri, name) if err != nil { return err } @@ -252,7 +254,7 @@ func resourceKeyVaultKeyCreate(d *schema.ResourceData, meta interface{}) error { } // "" indicates the latest version - read, err := client.GetKey(ctx, keyVaultBaseUri, name, "") + read, err := client.GetKey(ctx, *keyVaultBaseUri, name, "") if err != nil { return err } @@ -263,8 +265,9 @@ func resourceKeyVaultKeyCreate(d *schema.ResourceData, meta interface{}) error { } func resourceKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -273,15 +276,20 @@ func resourceKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) error { return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { - return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) + return fmt.Errorf("retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { return fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", id.KeyVaultBaseUrl) } - ok, err := azure.KeyVaultExists(ctx, vaultClient, *keyVaultId) + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } + + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error checking if key vault %q for Key %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -322,8 +330,9 @@ func resourceKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) error { } func resourceKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -332,17 +341,21 @@ func resourceKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error { return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { log.Printf("[DEBUG] Unable to determine the Resource ID for the Key Vault at URL %q - removing from state!", id.KeyVaultBaseUrl) d.SetId("") return nil } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error checking if key vault %q for Key %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -405,8 +418,9 @@ func resourceKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error { } func resourceKeyVaultKeyDelete(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() @@ -415,15 +429,19 @@ func resourceKeyVaultKeyDelete(d *schema.ResourceData, meta interface{}) error { return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { return fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", id.KeyVaultBaseUrl) } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error checking if key vault %q for Key %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } diff --git a/azurerm/internal/services/keyvault/key_vault_key_resource_test.go b/azurerm/internal/services/keyvault/key_vault_key_resource_test.go index 4c212397047a..d777cdcb8a80 100644 --- a/azurerm/internal/services/keyvault/key_vault_key_resource_test.go +++ b/azurerm/internal/services/keyvault/key_vault_key_resource_test.go @@ -10,7 +10,6 @@ import ( "github.com/Azure/go-autorest/autorest/date" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/terraform" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance/check" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" @@ -267,19 +266,23 @@ func TestAccKeyVaultKey_withExternalAccessPolicy(t *testing.T) { func (r KeyVaultKeyResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) { client := clients.KeyVault.ManagementClient - keyVaultClient := clients.KeyVault.VaultsClient + keyVaultsClient := clients.KeyVault id, err := parse.ParseNestedItemID(state.ID) if err != nil { return nil, err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) - if err != nil || keyVaultId == nil { + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, clients.Resource, id.KeyVaultBaseUrl) + if err != nil || keyVaultIdRaw == nil { return nil, fmt.Errorf("retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return nil, err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil || !ok { return nil, fmt.Errorf("checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -308,8 +311,12 @@ func (KeyVaultKeyResource) destroyParentKeyVault(ctx context.Context, client *cl func (KeyVaultKeyResource) updateExpiryDate(expiryDate string) acceptance.ClientCheckFunc { return func(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) error { name := state.Attributes["name"] - keyVaultId := state.Attributes["key_vault_id"] - vaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, clients.KeyVault.VaultsClient, keyVaultId) + keyVaultId, err := parse.VaultID(state.Attributes["key_vault_id"]) + if err != nil { + return err + } + + vaultBaseUrl, err := clients.KeyVault.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { return fmt.Errorf("looking up base uri for Key %q from %q: %+v", name, keyVaultId, err) } @@ -324,7 +331,7 @@ func (KeyVaultKeyResource) updateExpiryDate(expiryDate string) acceptance.Client Expires: &expirationUnixTime, }, } - if _, err = clients.KeyVault.ManagementClient.UpdateKey(ctx, vaultBaseUrl, name, "", update); err != nil { + if _, err = clients.KeyVault.ManagementClient.UpdateKey(ctx, *vaultBaseUrl, name, "", update); err != nil { return fmt.Errorf("updating secret: %+v", err) } @@ -334,13 +341,17 @@ func (KeyVaultKeyResource) updateExpiryDate(expiryDate string) acceptance.Client func (KeyVaultKeyResource) Destroy(ctx context.Context, client *clients.Client, state *terraform.InstanceState) (*bool, error) { name := state.Attributes["name"] - keyVaultId := state.Attributes["key_vault_id"] - vaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, client.KeyVault.VaultsClient, keyVaultId) + keyVaultId, err := parse.VaultID(state.Attributes["key_vault_id"]) + if err != nil { + return nil, err + } + + vaultBaseUrl, err := client.KeyVault.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { return nil, fmt.Errorf("looking up Secret %q vault url from id %q: %+v", name, keyVaultId, err) } - if _, err := client.KeyVault.ManagementClient.DeleteKey(ctx, vaultBaseUrl, name); err != nil { + if _, err := client.KeyVault.ManagementClient.DeleteKey(ctx, *vaultBaseUrl, name); err != nil { return nil, fmt.Errorf("deleting keyVaultManagementClient: %+v", err) } diff --git a/azurerm/internal/services/keyvault/key_vault_secret_data_source.go b/azurerm/internal/services/keyvault/key_vault_secret_data_source.go index c1a63fda514b..b8ef481878ab 100644 --- a/azurerm/internal/services/keyvault/key_vault_secret_data_source.go +++ b/azurerm/internal/services/keyvault/key_vault_secret_data_source.go @@ -5,7 +5,6 @@ import ( "time" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate" @@ -57,24 +56,27 @@ func dataSourceKeyVaultSecret() *schema.Resource { } func dataSourceKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } - keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error looking up Secret %q vault url from id %q: %+v", name, keyVaultId, err) + return fmt.Errorf("Error looking up Secret %q vault url from id %q: %+v", name, *keyVaultId, err) } // we always want to get the latest version - resp, err := client.GetSecret(ctx, keyVaultBaseUri, name, "") + resp, err := client.GetSecret(ctx, *keyVaultBaseUri, name, "") if err != nil { if utils.ResponseWasNotFound(resp.Response) { - return fmt.Errorf("KeyVault Secret %q (KeyVault URI %q) does not exist", name, keyVaultBaseUri) + return fmt.Errorf("KeyVault Secret %q (KeyVault URI %q) does not exist", name, *keyVaultBaseUri) } return fmt.Errorf("Error making Read request on Azure KeyVault Secret %s: %+v", name, err) } @@ -88,7 +90,7 @@ func dataSourceKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) erro d.SetId(*resp.ID) d.Set("name", respID.Name) - d.Set("key_vault_id", keyVaultId) + d.Set("key_vault_id", keyVaultId.ID()) d.Set("value", resp.Value) d.Set("version", respID.Version) d.Set("content_type", resp.ContentType) diff --git a/azurerm/internal/services/keyvault/key_vault_secret_resource.go b/azurerm/internal/services/keyvault/key_vault_secret_resource.go index 1bdee0ceb6cf..a796b80828e5 100644 --- a/azurerm/internal/services/keyvault/key_vault_secret_resource.go +++ b/azurerm/internal/services/keyvault/key_vault_secret_resource.go @@ -12,7 +12,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" @@ -88,7 +87,7 @@ func resourceKeyVaultSecret() *schema.Resource { } func resourceKeyVaultSecretCreate(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -96,17 +95,20 @@ func resourceKeyVaultSecretCreate(d *schema.ResourceData, meta interface{}) erro log.Print("[INFO] preparing arguments for AzureRM KeyVault Secret creation.") name := d.Get("name").(string) - keyVaultId := d.Get("key_vault_id").(string) + keyVaultId, err := parse.VaultID(d.Get("key_vault_id").(string)) + if err != nil { + return err + } - keyVaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultBaseUrl, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { - return fmt.Errorf("Error looking up Secret %q vault url from id %q: %+v", name, keyVaultId, err) + return fmt.Errorf("looking up Secret %q vault url from id %q: %+v", name, *keyVaultId, err) } - existing, err := client.GetSecret(ctx, keyVaultBaseUrl, name, "") + existing, err := client.GetSecret(ctx, *keyVaultBaseUrl, name, "") if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("Error checking for presence of existing Secret %q (Key Vault %q): %s", name, keyVaultBaseUrl, err) + return fmt.Errorf("checking for presence of existing Secret %q (Key Vault %q): %s", name, *keyVaultBaseUrl, err) } } @@ -137,11 +139,11 @@ func resourceKeyVaultSecretCreate(d *schema.ResourceData, meta interface{}) erro parameters.SecretAttributes.Expires = &expirationUnixTime } - if resp, err := client.SetSecret(ctx, keyVaultBaseUrl, name, parameters); err != nil { + if resp, err := client.SetSecret(ctx, *keyVaultBaseUrl, name, parameters); err != nil { // In the case that the Secret already exists in a Soft Deleted / Recoverable state we check if `recover_soft_deleted_key_vaults` is set // and attempt recovery where appropriate if meta.(*clients.Client).Features.KeyVault.RecoverSoftDeletedKeyVaults && utils.ResponseWasConflict(resp.Response) { - recoveredSecret, err := client.RecoverDeletedSecret(ctx, keyVaultBaseUrl, name) + recoveredSecret, err := client.RecoverDeletedSecret(ctx, *keyVaultBaseUrl, name) if err != nil { return err } @@ -170,13 +172,13 @@ func resourceKeyVaultSecretCreate(d *schema.ResourceData, meta interface{}) erro } // "" indicates the latest version - read, err := client.GetSecret(ctx, keyVaultBaseUrl, name, "") + read, err := client.GetSecret(ctx, *keyVaultBaseUrl, name, "") if err != nil { return err } if read.ID == nil { - return fmt.Errorf("Cannot read KeyVault Secret '%s' (in key vault '%s')", name, keyVaultBaseUrl) + return fmt.Errorf("Cannot read KeyVault Secret '%s' (in key vault '%s')", name, *keyVaultBaseUrl) } d.SetId(*read.ID) @@ -185,8 +187,9 @@ func resourceKeyVaultSecretCreate(d *schema.ResourceData, meta interface{}) erro } func resourceKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d) defer cancel() log.Print("[INFO] preparing arguments for AzureRM KeyVault Secret update.") @@ -196,15 +199,19 @@ func resourceKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) erro return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { return fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", id.KeyVaultBaseUrl) } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error checking if key vault %q for Secret %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -257,9 +264,9 @@ func resourceKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) erro } // "" indicates the latest version - read, err2 := client.GetSecret(ctx, id.KeyVaultBaseUrl, id.Name, "") - if err2 != nil { - return fmt.Errorf("Error getting Key Vault Secret %q : %+v", id.Name, err2) + read, err := client.GetSecret(ctx, id.KeyVaultBaseUrl, id.Name, "") + if err != nil { + return fmt.Errorf("getting Key Vault Secret %q : %+v", id.Name, err) } if _, err = parse.ParseNestedItemID(*read.ID); err != nil { @@ -273,8 +280,9 @@ func resourceKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) erro } func resourceKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -283,17 +291,21 @@ func resourceKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) error return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { log.Printf("[DEBUG] Unable to determine the Resource ID for the Key Vault at URL %q - removing from state!", id.KeyVaultBaseUrl) d.SetId("") return nil } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error checking if key vault %q for Secret %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -339,8 +351,9 @@ func resourceKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) error } func resourceKeyVaultSecretDelete(d *schema.ResourceData, meta interface{}) error { - keyVaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).KeyVault.ManagementClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() @@ -349,15 +362,19 @@ func resourceKeyVaultSecretDelete(d *schema.ResourceData, meta interface{}) erro return err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, id.KeyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } - if keyVaultId == nil { + if keyVaultIdRaw == nil { return fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", id.KeyVaultBaseUrl) } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil { return fmt.Errorf("Error checking if key vault %q for Secret %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } diff --git a/azurerm/internal/services/keyvault/key_vault_secret_resource_test.go b/azurerm/internal/services/keyvault/key_vault_secret_resource_test.go index fc033782463c..9f9ac203765e 100644 --- a/azurerm/internal/services/keyvault/key_vault_secret_resource_test.go +++ b/azurerm/internal/services/keyvault/key_vault_secret_resource_test.go @@ -8,7 +8,6 @@ import ( "github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/terraform" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance/check" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" @@ -201,19 +200,23 @@ func TestAccKeyVaultSecret_withExternalAccessPolicy(t *testing.T) { func (KeyVaultSecretResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) { client := clients.KeyVault.ManagementClient - keyVaultClient := clients.KeyVault.VaultsClient + keyVaultsClient := clients.KeyVault id, err := parse.ParseNestedItemID(state.ID) if err != nil { return nil, err } - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, keyVaultClient, id.KeyVaultBaseUrl) - if err != nil || keyVaultId == nil { + keyVaultIdRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, clients.Resource, id.KeyVaultBaseUrl) + if err != nil || keyVaultIdRaw == nil { return nil, fmt.Errorf("retrieving the Resource ID the Key Vault at URL %q: %s", id.KeyVaultBaseUrl, err) } + keyVaultId, err := parse.VaultID(*keyVaultIdRaw) + if err != nil { + return nil, err + } - ok, err := azure.KeyVaultExists(ctx, keyVaultClient, *keyVaultId) + ok, err := keyVaultsClient.Exists(ctx, *keyVaultId) if err != nil || !ok { return nil, fmt.Errorf("checking if key vault %q for Certificate %q in Vault at url %q exists: %v", *keyVaultId, id.Name, id.KeyVaultBaseUrl, err) } @@ -229,16 +232,18 @@ func (KeyVaultSecretResource) Exists(ctx context.Context, clients *clients.Clien func (KeyVaultSecretResource) Destroy(ctx context.Context, client *clients.Client, state *terraform.InstanceState) (*bool, error) { dataPlaneClient := client.KeyVault.ManagementClient - vaultClient := client.KeyVault.VaultsClient name := state.Attributes["name"] - keyVaultId := state.Attributes["key_vault_id"] - vaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultId, err := parse.VaultID(state.Attributes["key_vault_id"]) + if err != nil { + return nil, err + } + vaultBaseUrl, err := client.KeyVault.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { return nil, fmt.Errorf("looking up Secret %q vault url from id %q: %+v", name, keyVaultId, err) } - if _, err := dataPlaneClient.DeleteSecret(ctx, vaultBaseUrl, name); err != nil { + if _, err := dataPlaneClient.DeleteSecret(ctx, *vaultBaseUrl, name); err != nil { return nil, fmt.Errorf("Bad: Delete on keyVaultManagementClient: %+v", err) } @@ -261,11 +266,14 @@ func (KeyVaultSecretResource) destroyParentKeyVault(ctx context.Context, client func (r KeyVaultSecretResource) updateSecretValue(value string) acceptance.ClientCheckFunc { return func(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) error { dataPlaneClient := clients.KeyVault.ManagementClient - vaultClient := clients.KeyVault.VaultsClient name := state.Attributes["name"] - keyVaultId := state.Attributes["key_vault_id"] - vaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId) + keyVaultId, err := parse.VaultID(state.Attributes["key_vault_id"]) + if err != nil { + return err + } + + vaultBaseUrl, err := clients.KeyVault.BaseUriForKeyVault(ctx, *keyVaultId) if err != nil { return fmt.Errorf("looking up Secret %q vault url from id %q: %+v", name, keyVaultId, err) } @@ -273,7 +281,7 @@ func (r KeyVaultSecretResource) updateSecretValue(value string) acceptance.Clien updated := keyvault.SecretSetParameters{ Value: utils.String(value), } - if _, err = dataPlaneClient.SetSecret(ctx, vaultBaseUrl, name, updated); err != nil { + if _, err = dataPlaneClient.SetSecret(ctx, *vaultBaseUrl, name, updated); err != nil { return fmt.Errorf("updating secret: %+v", err) } return nil diff --git a/azurerm/internal/services/kusto/kusto_cluster_customer_managed_key_resource.go b/azurerm/internal/services/kusto/kusto_cluster_customer_managed_key_resource.go index 07f5aa045761..0e144efe3ca5 100644 --- a/azurerm/internal/services/kusto/kusto_cluster_customer_managed_key_resource.go +++ b/azurerm/internal/services/kusto/kusto_cluster_customer_managed_key_resource.go @@ -69,7 +69,8 @@ func resourceKustoClusterCustomerManagedKey() *schema.Resource { func resourceKustoClusterCustomerManagedKeyCreateUpdate(d *schema.ResourceData, meta interface{}) error { clusterClient := meta.(*clients.Client).Kusto.ClustersClient - vaultsClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + vaultsClient := keyVaultsClient.VaultsClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -126,7 +127,7 @@ func resourceKustoClusterCustomerManagedKeyCreateUpdate(d *schema.ResourceData, return fmt.Errorf("Key Vault %q (Resource Group %q) must be configured for both Purge Protection and Soft Delete", keyVaultID.Name, keyVaultID.ResourceGroup) } - keyVaultBaseURL, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultsClient, keyVaultIDRaw) + keyVaultBaseURL, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultID) if err != nil { return fmt.Errorf("Error looking up Key Vault URI from Key Vault %q (Resource Group %q): %+v", keyVaultID.Name, keyVaultID.ResourceGroup, err) } @@ -138,7 +139,7 @@ func resourceKustoClusterCustomerManagedKeyCreateUpdate(d *schema.ResourceData, KeyVaultProperties: &kusto.KeyVaultProperties{ KeyName: utils.String(keyName), KeyVersion: utils.String(keyVersion), - KeyVaultURI: utils.String(keyVaultBaseURL), + KeyVaultURI: utils.String(*keyVaultBaseURL), }, }, } @@ -158,7 +159,8 @@ func resourceKustoClusterCustomerManagedKeyCreateUpdate(d *schema.ResourceData, func resourceKustoClusterCustomerManagedKeyRead(d *schema.ResourceData, meta interface{}) error { clusterClient := meta.(*clients.Client).Kusto.ClustersClient - vaultsClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -208,7 +210,7 @@ func resourceKustoClusterCustomerManagedKeyRead(d *schema.ResourceData, meta int } // now we have the key vault uri we can look up the ID - keyVaultID, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultsClient, keyVaultURI) + keyVaultID, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultURI) if err != nil { return fmt.Errorf("Error retrieving Key Vault ID from the Base URI %q: %+v", keyVaultURI, err) } diff --git a/azurerm/internal/services/mysql/mysql_server_key_resource.go b/azurerm/internal/services/mysql/mysql_server_key_resource.go index d9a546a21099..171b156716a2 100644 --- a/azurerm/internal/services/mysql/mysql_server_key_resource.go +++ b/azurerm/internal/services/mysql/mysql_server_key_resource.go @@ -6,17 +6,17 @@ import ( "log" "time" - "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2019-09-01/keyvault" "github.com/Azure/azure-sdk-for-go/services/mysql/mgmt/2020-01-01/mysql" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/locks" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/client" keyVaultParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/mysql/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/mysql/validate" + resourcesClient "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/client" azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" @@ -58,12 +58,12 @@ func resourceMySQLServerKey() *schema.Resource { } } -func getMySQLServerKeyName(ctx context.Context, vaultsClient *keyvault.VaultsClient, keyVaultKeyURI string) (*string, error) { +func getMySQLServerKeyName(ctx context.Context, keyVaultsClient *client.Client, resourcesClient *resourcesClient.Client, keyVaultKeyURI string) (*string, error) { keyVaultKeyID, err := keyVaultParse.ParseNestedItemID(keyVaultKeyURI) if err != nil { return nil, err } - keyVaultIDRaw, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultsClient, keyVaultKeyID.KeyVaultBaseUrl) + keyVaultIDRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultKeyID.KeyVaultBaseUrl) if err != nil { return nil, err } @@ -76,7 +76,8 @@ func getMySQLServerKeyName(ctx context.Context, vaultsClient *keyvault.VaultsCli func resourceMySQLServerKeyCreateUpdate(d *schema.ResourceData, meta interface{}) error { keysClient := meta.(*clients.Client).MySQL.ServerKeysClient - vaultsClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -85,7 +86,7 @@ func resourceMySQLServerKeyCreateUpdate(d *schema.ResourceData, meta interface{} return err } keyVaultKeyURI := d.Get("key_vault_key_id").(string) - name, err := getMySQLServerKeyName(ctx, vaultsClient, keyVaultKeyURI) + name, err := getMySQLServerKeyName(ctx, keyVaultsClient, resourcesClient, keyVaultKeyURI) if err != nil { return fmt.Errorf("cannot compose name for MySQL Server Key (Resource Group %q / Server %q): %+v", serverID.ResourceGroup, serverID.Name, err) } diff --git a/azurerm/internal/services/postgres/postgresql_server_key_resource.go b/azurerm/internal/services/postgres/postgresql_server_key_resource.go index 207650a1dba2..23daa3f042c6 100644 --- a/azurerm/internal/services/postgres/postgresql_server_key_resource.go +++ b/azurerm/internal/services/postgres/postgresql_server_key_resource.go @@ -6,17 +6,17 @@ import ( "log" "time" - "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2019-09-01/keyvault" "github.com/Azure/azure-sdk-for-go/services/postgresql/mgmt/2020-01-01/postgresql" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/locks" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/client" keyVaultParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/postgres/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/postgres/validate" + resourcesClient "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/client" azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" @@ -58,12 +58,12 @@ func resourcePostgreSQLServerKey() *schema.Resource { } } -func getPostgreSQLServerKeyName(ctx context.Context, vaultsClient *keyvault.VaultsClient, keyVaultKeyURI string) (*string, error) { +func getPostgreSQLServerKeyName(ctx context.Context, keyVaultsClient *client.Client, resourcesClient *resourcesClient.Client, keyVaultKeyURI string) (*string, error) { keyVaultKeyID, err := keyVaultParse.ParseNestedItemID(keyVaultKeyURI) if err != nil { return nil, err } - keyVaultIDRaw, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultsClient, keyVaultKeyID.KeyVaultBaseUrl) + keyVaultIDRaw, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultKeyID.KeyVaultBaseUrl) if err != nil { return nil, err } @@ -80,7 +80,8 @@ func getPostgreSQLServerKeyName(ctx context.Context, vaultsClient *keyvault.Vaul func resourcePostgreSQLServerKeyCreateUpdate(d *schema.ResourceData, meta interface{}) error { keysClient := meta.(*clients.Client).Postgres.ServerKeysClient - vaultsClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -89,7 +90,7 @@ func resourcePostgreSQLServerKeyCreateUpdate(d *schema.ResourceData, meta interf return err } keyVaultKeyURI := d.Get("key_vault_key_id").(string) - name, err := getPostgreSQLServerKeyName(ctx, vaultsClient, keyVaultKeyURI) + name, err := getPostgreSQLServerKeyName(ctx, keyVaultsClient, resourcesClient, keyVaultKeyURI) if err != nil { return fmt.Errorf("cannot compose name for PostgreSQL Server Key (Resource Group %q / Server %q): %+v", serverID.ResourceGroup, serverID.Name, err) } diff --git a/azurerm/internal/services/storage/storage_account_customer_managed_key_resource.go b/azurerm/internal/services/storage/storage_account_customer_managed_key_resource.go index 8e8e6557da5f..3aa3751c1a97 100644 --- a/azurerm/internal/services/storage/storage_account_customer_managed_key_resource.go +++ b/azurerm/internal/services/storage/storage_account_customer_managed_key_resource.go @@ -8,7 +8,6 @@ import ( "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-06-01/storage" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/locks" @@ -70,7 +69,8 @@ func resourceStorageAccountCustomerManagedKey() *schema.Resource { func resourceStorageAccountCustomerManagedKeyCreateUpdate(d *schema.ResourceData, meta interface{}) error { storageClient := meta.(*clients.Client).Storage.AccountsClient - vaultsClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + vaultsClient := keyVaultsClient.VaultsClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -104,8 +104,7 @@ func resourceStorageAccountCustomerManagedKeyCreateUpdate(d *schema.ResourceData } } - keyVaultIDRaw := d.Get("key_vault_id").(string) - keyVaultID, err := keyVaultParse.VaultID(keyVaultIDRaw) + keyVaultID, err := keyVaultParse.VaultID(d.Get("key_vault_id").(string)) if err != nil { return err } @@ -129,7 +128,7 @@ func resourceStorageAccountCustomerManagedKeyCreateUpdate(d *schema.ResourceData return fmt.Errorf("Key Vault %q (Resource Group %q) must be configured for both Purge Protection and Soft Delete", keyVaultID.Name, keyVaultID.ResourceGroup) } - keyVaultBaseURL, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultsClient, keyVaultIDRaw) + keyVaultBaseURL, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultID) if err != nil { return fmt.Errorf("Error looking up Key Vault URI from Key Vault %q (Resource Group %q): %+v", keyVaultID.Name, keyVaultID.ResourceGroup, err) } @@ -152,7 +151,7 @@ func resourceStorageAccountCustomerManagedKeyCreateUpdate(d *schema.ResourceData KeyVaultProperties: &storage.KeyVaultProperties{ KeyName: utils.String(keyName), KeyVersion: utils.String(keyVersion), - KeyVaultURI: utils.String(keyVaultBaseURL), + KeyVaultURI: utils.String(*keyVaultBaseURL), }, }, }, @@ -168,7 +167,8 @@ func resourceStorageAccountCustomerManagedKeyCreateUpdate(d *schema.ResourceData func resourceStorageAccountCustomerManagedKeyRead(d *schema.ResourceData, meta interface{}) error { storageClient := meta.(*clients.Client).Storage.AccountsClient - vaultsClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -217,7 +217,7 @@ func resourceStorageAccountCustomerManagedKeyRead(d *schema.ResourceData, meta i return fmt.Errorf("Error retrieving Storage Account %q (Resource Group %q): `properties.encryption.keyVaultProperties.keyVaultURI` was nil", storageAccountID.Name, storageAccountID.ResourceGroup) } - keyVaultID, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultsClient, keyVaultURI) + keyVaultID, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultURI) if err != nil { return fmt.Errorf("Error retrieving Key Vault ID from the Base URI %q: %+v", keyVaultURI, err) } diff --git a/azurerm/internal/services/web/app_service_certificate_resource.go b/azurerm/internal/services/web/app_service_certificate_resource.go index 2215f26a9b7f..493b672ff5f1 100644 --- a/azurerm/internal/services/web/app_service_certificate_resource.go +++ b/azurerm/internal/services/web/app_service_certificate_resource.go @@ -125,8 +125,9 @@ func resourceAppServiceCertificate() *schema.Resource { } func resourceAppServiceCertificateCreateUpdate(d *schema.ResourceData, meta interface{}) error { - vaultClient := meta.(*clients.Client).KeyVault.VaultsClient + keyVaultsClient := meta.(*clients.Client).KeyVault client := meta.(*clients.Client).Web.CertificatesClient + resourcesClient := meta.(*clients.Client).Resource ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -188,7 +189,7 @@ func resourceAppServiceCertificateCreateUpdate(d *schema.ResourceData, meta inte keyVaultBaseUrl := parsedSecretId.KeyVaultBaseUrl - keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, keyVaultBaseUrl) + keyVaultId, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultBaseUrl) if err != nil { return fmt.Errorf("Error retrieving the Resource ID for the Key Vault at URL %q: %s", keyVaultBaseUrl, err) }