Terraform-provider-azurerm: key_vault_certificate certificate_data output should be base64 encoded
Community Note
- Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
The key_vault_certificate resource outputs a certificate_data field which is
The raw Key Vault Certificate data represented as a hexadecimal string.
www.terraform.io/docs/providers/azurerm/r/key_vault_certificate.html#attributes-reference
The problem is that this isnt particularly usable and terraform does not have support for hexadecimal string representations.
I raised an issue with terraform and created a pull request https://github.com/hashicorp/terraform/issues/26163 but it has been mentioned that this seems like an oversight on the AzureRM provider side.
I think that the output should be either a PEM encoded certificate, or a base64 representation of the entire certificate (including ----BEGIN CERT----). This would make the output much more usable.
In my scenario, i want to use the output of a certificate created in the key vault as an input into the azurerm_virtual_network_gateway resource as the initial client certificate.
See my issue here for more info https://github.com/hashicorp/terraform/issues/26163
New or Affected Resource(s)
azurerm_key_vault_certificate resource, either a new output or replace the certificate_data output.
Potential Terraform Configuration
References
- #0000
akingscote
All 4 comments
It looks to me like there really is minimal changes needed here.
I couldnt see any unit tests that check the value of certificate_data, only checking that the attribute is set.
certificateData := ""
if contents := cert.Cer; contents != nil {
certificateData = base64.StdEncoding.EncodeToString(*contents)
}
d.Set("certificate_data", certificateData)
Terraform doesnt use hex strings, so i'd be surprised if anyone is actually using this hex string output.
akingscote
on 23 Sep 2020
The hex string output makes this function useless for further resources without engaging in null_resource hacks with operating system dependent conversion tools. I agree with @akingscote this cannot be used without anyone complaining here, and even though it's a breaking change - it is important enough for a correction to at least be prioritized into a certificate_data_base64 field. Then the hex choice can be corrected as a breaking change later, deprecating the new field at the next major release.
vidarw
on 19 Oct 2020
As @vidarw has mentioned this is an unfortunate oversight on our part - this likely needs to be introduced as a new field, deprecating the existing field (to ultimately be removed in 3.0), rather than breaking the behaviour of the existing field.
tombuildsstuff
on 20 Oct 2020
馃憢
Taking a look through here this appears to be a duplicate of #8072 - as such rather than having multiple issues open tracking the same thing I'm going to close this in favour of #8072 - would you mind subscribing to that issue for updates?
Thanks!
tombuildsstuff
on 16 Dec 2020
Related issues
rudolphjacksonm
路
3Comments
pdeva
路
3Comments
rolandjohann
路
3Comments
hashibot
路
3Comments
jansepke
路
3Comments
Most helpful comment
As @vidarw has mentioned this is an unfortunate oversight on our part - this likely needs to be introduced as a new field, deprecating the existing field (to ultimately be removed in 3.0), rather than breaking the behaviour of the existing field.