enable_rbac_authorization in azurerm_key_vault data sources

internal/services/keyvault/key_vault_data_source.go

@@ -115,6 +115,11 @@ func dataSourceKeyVault() *pluginsdk.Resource {
 					Computed: true,
 				},
 
+				"enable_rbac_authorization": {
+					Type:     pluginsdk.TypeBool,
+					Computed: true,
+				},
+
 				"network_acls": {
 					Type:     pluginsdk.TypeList,
 					Computed: true,
@@ -192,6 +197,7 @@ func dataSourceKeyVaultRead(d *pluginsdk.ResourceData, meta interface{}) error {
 		d.Set("enabled_for_deployment", props.EnabledForDeployment)
 		d.Set("enabled_for_disk_encryption", props.EnabledForDiskEncryption)
 		d.Set("enabled_for_template_deployment", props.EnabledForTemplateDeployment)
+		d.Set("enable_rbac_authorization", props.EnableRbacAuthorization)
 		d.Set("purge_protection_enabled", props.EnablePurgeProtection)
 		d.Set("vault_uri", props.VaultURI)
 

internal/services/keyvault/key_vault_data_source_test.go

@@ -91,6 +91,28 @@ func TestAccDataSourceKeyVault_softDelete(t *testing.T) {
 	})
 }
 
+func TestAccDataSourceKeyVault_update(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_key_vault", "test")
+	r := KeyVaultDataSource{}
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("tenant_id").Exists(),
+				check.That(data.ResourceName).Key("sku_name").Exists(),
+				check.That(data.ResourceName).Key("enable_rbac_authorization").HasValue("false"),
+			),
+		},
+		{
+			Config: r.update(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("enable_rbac_authorization").HasValue("true"),
+			),
+		},
+	})
+}
+
 func (KeyVaultDataSource) basic(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %s
@@ -113,6 +135,17 @@ data "azurerm_key_vault" "test" {
 `, KeyVaultResource{}.complete(data))
 }
 
+func (KeyVaultDataSource) update(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_key_vault" "test" {
+  name                = azurerm_key_vault.test.name
+  resource_group_name = azurerm_key_vault.test.resource_group_name
+}
+`, KeyVaultResource{}.update(data))
+}
+
 func (KeyVaultDataSource) networkAcls(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %s

website/docs/d/key_vault.html.markdown

@@ -53,6 +53,8 @@ The following attributes are exported:
 
 * `enabled_for_template_deployment` - Can Azure Resource Manager retrieve secrets from the Key Vault?
 
+* `enable_rbac_authorization` - Is Role Based Access Control (RBAC) for authorization of data actions enabled on this Key Vault?
+
 * `purge_protection_enabled` - Is purge protection enabled on this Key Vault?
 
 * `tags` - A mapping of tags assigned to the Key Vault.