func expandKeyVaultAccessPolicies(d *schema.ResourceData) *[]keyvault.AccessPolicyEntry {
policies := d.Get("access_policy").([]interface{})
result := make([]keyvault.AccessPolicyEntry, 0, len(policies))
for _, policySet := range policies {
policyRaw := policySet.(map[string]interface{})
keyPermissionsRaw := policyRaw["key_permissions"].([]interface{})
keyPermissions := []keyvault.KeyPermissions{}
for _, permission := range keyPermissionsRaw {
keyPermissions = append(keyPermissions, keyvault.KeyPermissions(permission.(string)))
}
secretPermissionsRaw := policyRaw["secret_permissions"].([]interface{})
secretPermissions := []keyvault.SecretPermissions{}
for _, permission := range secretPermissionsRaw {
secretPermissions = append(secretPermissions, keyvault.SecretPermissions(permission.(string)))
}
policy := keyvault.AccessPolicyEntry{
Permissions: &keyvault.Permissions{
Keys: &keyPermissions,
Secrets: &secretPermissions,
},
}
tenantUUID := uuid.FromStringOrNil(policyRaw["tenant_id"].(string))
policy.TenantID = &tenantUUID
objectUUID := uuid.FromStringOrNil(policyRaw["object_id"].(string))
policy.ObjectID = &objectUUID
result = append(result, policy)
}
return &result
}
func resourceArmKeyVaultCreate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*ArmClient).keyVaultClient
log.Printf("[INFO] preparing arguments for Azure ARM KeyVault creation.")
name := d.Get("name").(string)
location := d.Get("location").(string)
resGroup := d.Get("resource_group_name").(string)
tenantUUID := uuid.FromStringOrNil(d.Get("tenant_id").(string))
enabledForDeployment := d.Get("enabled_for_deployment").(bool)
enabledForDiskEncryption := d.Get("enabled_for_disk_encryption").(bool)
enabledForTemplateDeployment := d.Get("enabled_for_template_deployment").(bool)
tags := d.Get("tags").(map[string]interface{})
parameters := keyvault.VaultCreateOrUpdateParameters{
Location: &location,
Properties: &keyvault.VaultProperties{
TenantID: &tenantUUID,
Sku: expandKeyVaultSku(d),
AccessPolicies: expandKeyVaultAccessPolicies(d),
EnabledForDeployment: &enabledForDeployment,
EnabledForDiskEncryption: &enabledForDiskEncryption,
EnabledForTemplateDeployment: &enabledForTemplateDeployment,
},
Tags: expandTags(tags),
}
_, err := client.CreateOrUpdate(resGroup, name, parameters)
if err != nil {
return err
}
read, err := client.Get(resGroup, name)
if err != nil {
return err
}
if read.ID == nil {
return fmt.Errorf("Cannot read KeyVault %s (resource group %s) ID", name, resGroup)
}
d.SetId(*read.ID)
return resourceArmKeyVaultRead(d, meta)
}