user1451104

Reputation: 153

Terraform Azure Application Gateway unable to associate with certificate in key vault

I'm trying to install a certificate into an Application Gateway. Following the documentation I have used key_vault_secret_id in the ssl_certificate block. Here is a simplified (all the code works, it's just this one block that has issues, so this helps to highlight the problem) version of the code:

resource "azurerm_application_gateway" "npfs_application_gateway" {
  name                = local.appgateway_name
  resource_group_name = data.azurerm_resource_group.rg_core.name
  location            = data.azurerm_resource_group.rg_core.location
  ### This is a standard V2
  sku {
    name     = var.gw_sku["name"]
    tier     = var.gw_sku["tier"]
    capacity = var.gw_sku["capacity"]
  }

  ssl_certificate {
    name                = var.pfx_certificate_name
    key_vault_secret_id = "[REDACTED]"
    password            = data.azurerm_key_vault_secret.cert-password.value
  }
}

When I run this as a terraform plan I get the following error:

The argument "data" is required, but no definition was found.
An argument named "key_vault_secret_id" is not expected here.

This is weird because the docs state that the data argument is optional if a key_vault_secret_id is set, but it doesn't recognise it.

I am using the following versions:

provider.azuread v0.8.0
provider.azurerm v1.44.0
provider.null v2.1.2
provider.random v2.2.1
provider.template v2.1.2

Anybody come across this before? Is one of my versions wrong?

Upvotes: 1

Views: 2637

Answers (2)

rjacobsen0

Reputation: 1445

I was able to solve this problem by upgrading to the latest azurerm terraform provider, but that wasn't the only thing I needed to do. In addition do this:

  • Go to the Subscription you are working in, to the Resource providers.
  • See if you have a Provider "Microsoft.DataProtection" with Status "NotRegistered".
  • Register it.

Seems that the new terraform code is leveraging this additional provider within Azure.

Upvotes: 2

David Roussel

Reputation: 5916

I find when you get these types of issues, it's best to look in the source.

According to: https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/network/application_gateway_resource.go

You can only have 'key_vault_secret_id' inside a 'ssl_certificate' block, which is what you have. But note that this is the latest version of the provider, version 2. You are on 1.44.0, so we need to look at that source...

https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.44.0/azurerm/internal/services/network/resource_arm_application_gateway.go

And in this version the only mentions of 'key_vault_secret_id' are commented out.

I suggest you upgrade to the latest version of the provider.

Upvotes: 1
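What the gateway looks like once the provider upgrade recommended above is done, as an added example and not code from the question or either answer: the Key Vault reference only works when the gateway has a managed identity that is allowed to read the secret, so the identity, the access policy, the Key Vault resource `azurerm_key_vault.kv` and the certificate data source are assumptions here, and the gateway's other required blocks are omitted exactly as in the question.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 2.0" } # key_vault_secret_id needs 2.x
  }
}
provider "azurerm" {
  features {} # mandatory in the 2.x provider
}

# Assumed: a user-assigned identity the gateway uses to read the certificate.
resource "azurerm_user_assigned_identity" "appgw" {
  name                = "appgw-kv-reader"
  resource_group_name = data.azurerm_resource_group.rg_core.name
  location            = data.azurerm_resource_group.rg_core.location
}

# Least privilege: the identity only needs to read secrets in the vault.
resource "azurerm_key_vault_access_policy" "appgw" {
  key_vault_id       = azurerm_key_vault.kv.id # assumed Key Vault resource
  tenant_id          = azurerm_key_vault.kv.tenant_id
  object_id          = azurerm_user_assigned_identity.appgw.principal_id
  secret_permissions = ["Get"]
}

# Assumed: the certificate is already stored in the vault under this name.
data "azurerm_key_vault_certificate" "cert" {
  name         = var.pfx_certificate_name
  key_vault_id = azurerm_key_vault.kv.id
}

resource "azurerm_application_gateway" "npfs_application_gateway" {
  name                = local.appgateway_name
  resource_group_name = data.azurerm_resource_group.rg_core.name
  location            = data.azurerm_resource_group.rg_core.location
  sku {
    name     = var.gw_sku["name"]
    tier     = var.gw_sku["tier"]
    capacity = var.gw_sku["capacity"]
  }
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.appgw.id]
  }
  # No data/password: the gateway pulls the PFX itself, so the key stays out of state.
  ssl_certificate {
    name                = var.pfx_certificate_name
    key_vault_secret_id = data.azurerm_key_vault_certificate.cert.secret_id
  }
  depends_on = [azurerm_key_vault_access_policy.appgw] # policy must exist before the gateway reads the vault
}
```

The vault must have soft delete enabled for the gateway to reference it, and the other required gateway blocks (gateway_ip_configuration, listeners and so on) are left out here just as in the question.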
