[FEAT] Create azurerm_cdn_frontdoor_secret based on existing keyvault certificate

[blongv]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In order for a custom domain to support an imported certificate, a parameter specifying which keyvault certificate ID is required and a new resource azurerm_cdn_frontdoor_secret is also required.
This allows users to import their own certificate into keyvault and deploy it as part of a Front Door custom domain.

New or Affected Resource(s)/Data Source(s)

azurerm_cdn_frontdoor_secret

Potential Terraform Configuration

# NOTE: In order for the certificate to be used by Azure FrontDoor, it must be PKCS#12 PFX 3DES.
# openssl pkcs12 -export -out cert.pfx -inkey host-private.key -in leaf.pem -certfile intermediate.pem -legacy
#
resource "azurerm_key_vault_certificate" "cert" {
  name         = local.server_fqdn
  key_vault_id = local.key_vault_id

  certificate {
    contents = filebase64("./cert.pfx")
    password = ""
  }

  # The following is required for PFX imports, but not PEM.
  certificate_policy {
    issuer_parameters {
      name = "Unknown"
    }
    key_properties {
      exportable = true
      key_size   = 2048
      key_type   = "RSA"
      reuse_key  = false
    }
    secret_properties {
      content_type = "application/x-pkcs12"
    }
  }

}

module "cdn-frontdoor" {

  custom_domains = [
    {
      name      = local.server
      host_name = local.server_fqdn
      tls = {
        certificate_type         = "CustomerCertificate"
        key_vault_certificate_id = azurerm_key_vault_certificate.cert.id
      }
    }
  ]

}

References

FrontDoor HTTPS with your own certificate