azuread_application_certificate: add more examples

hashicorp · Jan 24, 2021 · b2f0011 · b2f0011
1 parent 3c69a32
commit b2f0011
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 0 deletions.
diff --git a/website/docs/r/application_certificate.html.markdown b/website/docs/r/application_certificate.html.markdown
@@ -15,6 +15,8 @@ Manages a Certificate associated with an Application within Azure Active Directo
 
 ## Example Usage
 
+*Using a PEM certificate*
+
 ```hcl
 resource "azuread_application" "example" {
   name = "example"
@@ -28,6 +30,89 @@ resource "azuread_application_certificate" "example" {
 }
 ```
 
+*Using a DER certificate*
+
+```hcl
+resource "azuread_application" "example" {
+  name = "example"
+}
+
+resource "azuread_application_certificate" "example" {
+  application_object_id = azuread_application.example.id
+  type                  = "AsymmetricX509Cert"
+  encoding              = "base64"
+  value                 = base64encode(file("cert.der"))
+  end_date              = "2021-05-01T01:02:03Z"
+}
+```
+
+### Using a certificate from Azure Key Vault
+
+```hcl
+resource "azurerm_key_vault_certificate" "example" {
+  name         = "generated-cert"
+  key_vault_id = azurerm_key_vault.example.id
+
+  certificate_policy {
+    issuer_parameters {
+      name = "Self"
+    }
+
+    key_properties {
+      exportable = true
+      key_size   = 2048
+      key_type   = "RSA"
+      reuse_key  = true
+    }
+
+    lifetime_action {
+      action {
+        action_type = "AutoRenew"
+      }
+
+      trigger {
+        days_before_expiry = 30
+      }
+    }
+
+    secret_properties {
+      content_type = "application/x-pkcs12"
+    }
+
+    x509_certificate_properties {
+      extended_key_usage = ["1.3.6.1.5.5.7.3.2"]
+
+      key_usage = [
+        "dataEncipherment",
+        "digitalSignature",
+        "keyCertSign",
+        "keyEncipherment",
+      ]
+
+      subject_alternative_names {
+        dns_names = ["internal.contoso.com", "domain.hello.world"]
+      }
+
+      subject            = "CN=${azuread_application.example.name}"
+      validity_in_months = 12
+    }
+  }
+}
+
+resource "azuread_application" "example" {
+  name = "example"
+}
+
+resource "azuread_application_certificate" "example" {
+  application_object_id = azuread_application.example.id
+  type                  = "AsymmetricX509Cert"
+  encoding              = "hex"
+  value                 = azurerm_key_vault_certificate.example.certificate_data
+  end_date              = azurerm_key_vault_certificate.example.certificate_attribute[0].expires
+  start_date            = azurerm_key_vault_certificate.example.certificate_attribute[0].not_before
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:

diff --git a/website/docs/r/service_principal_certificate.html.markdown b/website/docs/r/service_principal_certificate.html.markdown
@@ -15,6 +15,8 @@ Manages a Certificate associated with a Service Principal within Azure Active Di
 
 ## Example Usage
 
+*Using a PEM certificate*
+
 ```hcl
 resource "azuread_application" "example" {
   name = "example"
@@ -32,6 +34,26 @@ resource "azuread_service_principal_certificate" "example" {
 }
 ```
 
+*Using a DER certificate*
+
+```hcl
+resource "azuread_application" "example" {
+  name = "example"
+}
+
+resource "azuread_service_principal" "example" {
+  application_id = azuread_application.example.application_id
+}
+
+resource "azuread_service_principal_certificate" "example" {
+  service_principal_id = azuread_service_principal.example.id
+  type                 = "AsymmetricX509Cert"
+  encoding             = "base64"
+  value                = base64encode(file("cert.der"))
+  end_date             = "2021-05-01T01:02:03Z"
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported: