From a5f1b723d4996e406b6974cea679587c625cf5f9 Mon Sep 17 00:00:00 2001
From: catriona-m <86247157+catriona-m@users.noreply.github.com>
Date: Thu, 3 Oct 2024 16:12:51 +0100
Subject: [PATCH] use optionallyversioned parser (#27537)

---
 .../web/app_service_certificate_resource.go   |   4 +-
 .../app_service_certificate_resource_test.go  | 114 ++++++++++++++++++
 2 files changed, 116 insertions(+), 2 deletions(-)

diff --git a/internal/services/web/app_service_certificate_resource.go b/internal/services/web/app_service_certificate_resource.go
index 6c9da2616f11..dcc3fa815758 100644
--- a/internal/services/web/app_service_certificate_resource.go
+++ b/internal/services/web/app_service_certificate_resource.go
@@ -100,7 +100,7 @@ func resourceAppServiceCertificateCreateUpdate(d *pluginsdk.ResourceData, meta i
 	}
 
 	if keyVaultSecretId != "" {
-		parsedSecretId, err := keyVaultParse.ParseNestedItemID(keyVaultSecretId)
+		parsedSecretId, err := keyVaultParse.ParseOptionallyVersionedNestedItemID(keyVaultSecretId)
 		if err != nil {
 			return err
 		}
@@ -253,7 +253,7 @@ func resourceAppServiceCertificateSchema() map[string]*pluginsdk.Schema {
 			Optional:         true,
 			ForceNew:         true,
 			DiffSuppressFunc: keyVaultSuppress.DiffSuppressIgnoreKeyVaultKeyVersion,
-			ValidateFunc:     keyVaultValidate.NestedItemId,
+			ValidateFunc:     keyVaultValidate.NestedItemIdWithOptionalVersion,
 			ConflictsWith:    []string{"pfx_blob", "password"},
 			ExactlyOneOf:     []string{"key_vault_secret_id", "pfx_blob"},
 		},
diff --git a/internal/services/web/app_service_certificate_resource_test.go b/internal/services/web/app_service_certificate_resource_test.go
index fdb6d7fc08f1..72bda668af3f 100644
--- a/internal/services/web/app_service_certificate_resource_test.go
+++ b/internal/services/web/app_service_certificate_resource_test.go
@@ -79,6 +79,21 @@ func TestAccAppServiceCertificate_KeyVaultId(t *testing.T) {
 	})
 }
 
+func TestAccAppServiceCertificate_KeyVaultIdVersionless(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_app_service_certificate", "test")
+	r := AppServiceCertificateResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.keyVaultIdVersionless(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("thumbprint").HasValue("7B985BF42467791F23E52B364A3E8DEBAB9C606E"),
+			),
+		},
+		data.ImportStep("key_vault_secret_id", "key_vault_id"),
+	})
+}
+
 func (r AppServiceCertificateResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := parse.CertificateID(state.ID)
 	if err != nil {
@@ -332,3 +347,102 @@ resource "azurerm_app_service_certificate" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
+
+func (r AppServiceCertificateResource) keyVaultIdVersionless(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+provider "azuread" {}
+
+data "azurerm_client_config" "test" {}
+
+data "azuread_service_principal" "test" {
+  display_name = "Microsoft Azure App Service"
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestwebcert%d"
+  location = "%s"
+}
+
+resource "azurerm_key_vault" "test" {
+  name                = "acct%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  tenant_id = data.azurerm_client_config.test.tenant_id
+
+  sku_name = "standard"
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.test.tenant_id
+    object_id = data.azurerm_client_config.test.object_id
+
+    secret_permissions = [
+      "Delete",
+      "Get",
+      "Purge",
+      "Set",
+    ]
+
+    certificate_permissions = [
+      "Create",
+      "Delete",
+      "Get",
+      "Purge",
+      "Import",
+    ]
+  }
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.test.tenant_id
+    object_id = data.azuread_service_principal.test.object_id
+
+    secret_permissions = [
+      "Get",
+    ]
+
+    certificate_permissions = [
+      "Get",
+    ]
+  }
+}
+
+resource "azurerm_key_vault_certificate" "test" {
+  name         = "acctest%d"
+  key_vault_id = azurerm_key_vault.test.id
+
+  certificate {
+    contents = filebase64("testdata/app_service_certificate.pfx")
+    password = "terraform"
+  }
+
+  certificate_policy {
+    issuer_parameters {
+      name = "Self"
+    }
+
+    key_properties {
+      exportable = true
+      key_size   = 2048
+      key_type   = "RSA"
+      reuse_key  = false
+    }
+
+    secret_properties {
+      content_type = "application/x-pkcs12"
+    }
+  }
+}
+
+resource "azurerm_app_service_certificate" "test" {
+  name                = "acctest%d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  key_vault_id        = azurerm_key_vault.test.id
+  key_vault_secret_id = azurerm_key_vault_certificate.test.versionless_secret_id
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}