-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ add support for token signing certificate #741
base: main
Are you sure you want to change the base?
Conversation
e0d9baf
to
8ff8e30
Compare
We do like to add support to the provider to create a token signing certificate. This commit adds new optional fields `token_signing_certificate_name` and `token_signing_certificate_end_date` to the resource `azuread_service_principal`. If both of these fields are set a token signing ceritificate for the service principal gets created and attached. The certificate thumbprint will be stored in a computed field called `preferred_token_signing_key_thumbprint`. There is now way to update or rotate the certificate because of missing API support. Therefore in case of an adjustment the principal will be replaced. Issue: hashicorp#732
8ff8e30
to
2e0ef4d
Compare
@manicminer This is a draft using the hamilton extension from manicminer/hamilton#151 to solve #732 Please review if that would be an ok workaround until we get an API extension from Microsoft. |
Hi @dhohengassner, thanks for the PR, this would be great to add to the provider! Sorry for the delay in reviewing. I'm wondering if this would be better as a separate resource, similar to |
A welcome feature, waiting to see it in the provider :)
|
This comment was marked as off-topic.
This comment was marked as off-topic.
Hi @manicminer - Just wanting to follow up on this.
Based on a previous comment here: #732 (comment), it was indicated that it might not be best to do a separate resource for this certificate. You also indicated you were going to check with the internal Graph API team to see if full CRUD support for this resource was coming. Has there been any movement on this? Thanks for the help, and let me know if there’s anything I can do to help. |
We do like to add support to the provider to create a token signing certificate.
This commit adds a new field
token_signing_certificate_name
to theresource
azuread_service_principal
.If this is set a ceritificate will be generated and the thumbprint
will be stored in a computed field called
preferred_token_signing_key_thumbprint
.Issue: #732