pingidentity / terraform-provider-pingone

Terraform PingOne provider
https://registry.terraform.io/providers/pingidentity/pingone/
Mozilla Public License 2.0

Certificate attribute for pingone_key resource #580

Open kwevers opened 1 year ago

kwevers commented 1 year ago

Community Note

Description

Expose the generated certificate as an attribute when creating a key pair with the pingone_key resource. In our case this would be used to store the certificate in our secret store where it can be read by Ansible for use in application configuration.

New or Affected Resource(s)

Potential Terraform Configuration

N/A

References

The web UI shows a Download Certificate button so I would expect this to be possible. I think this is the API call required: https://apidocs.pingidentity.com/pingone/platform/v1/api/#get-export-public-key-x509-pem

patrickcping commented 1 year ago

Hi @kwevers, thanks for raising!

The pingone_certificate_export data source (registry docs link) should be the equivalent of the Download Certificate button in the admin console. Would this work for your use case?

kwevers commented 1 year ago

Hi @patrickcping,

I completely missed that data source. Thanks! This means that we're not blocked right now, which is awesome, but ideally we wouldn't need to have a resource and a data source for a single object in the same module, so it would be great if this could still be added at some point.

patrickcping commented 1 year ago

Perfect. Understood. The current implementation stays faithful to the API, where it is the equivalent of a POST (to create the key) followed by a GET (to get the cert export).

Before we look to deviate from the API on the provider, I'll first check in with the API team and see whether it can be included in the response payload of the POST call.
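
The resource-plus-data-source pattern discussed in this thread, as an added example that is not taken from the issue or from the provider's repository. The variable name, resource labels, output name and key parameters are constructed for illustration; the `key_id` argument and `pem_file` attribute are used as I understand the provider's registry documentation and should be checked against the provider version in use.

```hcl
# Added example; names and values below are constructed for illustration.
variable "environment_id" {
  type        = string
  description = "PingOne environment ID (hypothetical variable name)"
}

# Step 1 (the POST): create the key pair. The private key is generated
# and held by PingOne; it is not returned into Terraform state here.
resource "pingone_key" "signing" {
  environment_id = var.environment_id

  name                = "Example Signing Key"
  algorithm           = "RSA"
  key_length          = 2048
  signature_algorithm = "SHA256withRSA"
  subject_dn          = "CN=Example Signing Key, O=Example, C=US"
  usage_type          = "SIGNING"
  validity_period     = 365
}

# Step 2 (the GET): export the public certificate for that key.
# Referencing pingone_key.signing.id gives Terraform an implicit
# dependency, so the export is read only after the key exists.
data "pingone_certificate_export" "signing" {
  environment_id = var.environment_id
  key_id         = pingone_key.signing.id
}

# Expose the PEM certificate so the calling module can write it to a
# secret store or hand it to configuration tooling such as Ansible.
output "signing_certificate_pem" {
  description = "Public X.509 certificate (PEM) for the generated key"
  value       = data.pingone_certificate_export.signing.pem_file
}
```

Only the public certificate leaves PingOne in this flow, so the output does not need to be marked `sensitive`; treat it as integrity-critical rather than confidential when storing it.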