azurerm_data_factory_linked_service_azure_sql_database - adding `cr…

…edential` block (hashicorp#27629) * add credential to azurerm_data_factory_linked_service_azure_sql_database * align with msft docs * change credential block to credential_name string * fix reference
djryanj · Oct 26, 2024 · 663c30e · 663c30e
1 parent 9bfd45e
commit 663c30e
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 0 deletions.
diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/datafactory/2018-06-01/factories"
 	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
@@ -171,6 +172,12 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabase() *pluginsdk.Resource {
 					Type: pluginsdk.TypeString,
 				},
 			},
+
+			"credential_name": {
+				Type:         pluginsdk.TypeString,
+				Optional:     true,
+				ValidateFunc: validation.StringIsNotEmpty,
+			},
 		},
 	}
 }
@@ -259,6 +266,12 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseCreateUpdate(d *pluginsdk.R
 		azureSQLDatabaseLinkedService.Annotations = &annotations
 	}
 
+	if credentialName := d.Get("credential_name").(string); credentialName != "" {
+		azureSQLDatabaseLinkedService.Credential = &datafactory.CredentialReference{
+			ReferenceName: pointer.To(credentialName),
+		}
+	}
+
 	linkedService := datafactory.LinkedServiceResource{
 		Properties: azureSQLDatabaseLinkedService,
 	}
@@ -352,6 +365,10 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseRead(d *pluginsdk.ResourceD
 		}
 	}
 
+	if credential := sql.Credential; credential != nil {
+		d.Set("credential_name", pointer.From(credential.ReferenceName))
+	}
+
 	return nil
 }
 

diff --git a/...rnal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go b/...rnal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go
@@ -115,6 +115,22 @@ func TestAccDataFactoryLinkedServiceAzureSQLDatabase_ConnectionStringKeyVaultRef
 	})
 }
 
+func TestAccDataFactoryLinkedServiceAzureSQLDatabase_Credential(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_data_factory_linked_service_azure_sql_database", "test")
+	r := LinkedServiceAzureSQLDatabaseResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.credential(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("credential_name").HasValue(fmt.Sprintf("test%d", data.RandomInteger)),
+			),
+		},
+		data.ImportStep("connection_string"),
+	})
+}
+
 func (t LinkedServiceAzureSQLDatabaseResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := parse.LinkedServiceID(state.ID)
 	if err != nil {
@@ -355,3 +371,48 @@ resource "azurerm_data_factory_linked_service_azure_sql_database" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
+
+func (LinkedServiceAzureSQLDatabaseResource) credential(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-df-%d"
+  location = "%s"
+}
+
+resource "azurerm_user_assigned_identity" "test" {
+  name                = "test%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_data_factory" "test" {
+  name                = "acctestdf%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  identity {
+    type         = "SystemAssigned, UserAssigned"
+    identity_ids = [azurerm_user_assigned_identity.test.id]
+  }
+}
+
+resource "azurerm_data_factory_credential_user_managed_identity" "test" {
+  name            = azurerm_user_assigned_identity.test.name
+  description     = "Test ADF SQL DB UMI"
+  data_factory_id = azurerm_data_factory.test.id
+  identity_id     = azurerm_user_assigned_identity.test.id
+}
+
+resource "azurerm_data_factory_linked_service_azure_sql_database" "test" {
+  name              = "acctestlssql%d"
+  data_factory_id   = azurerm_data_factory.test.id
+  connection_string = "data source=serverhostname;initial catalog=master;user id=testUser;Password=test;integrated security=False;encrypt=True;connection timeout=30"
+
+  credential_name = azurerm_data_factory_credential_user_managed_identity.test.name
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
diff --git a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown
@@ -65,6 +65,8 @@ The following arguments are supported:
 
 * `key_vault_password` - (Optional) A `key_vault_password` block as defined below. Use this argument to store SQL Server password in an existing Key Vault. It needs an existing Key Vault Data Factory Linked Service.
 
+* `credential_name` - (Optional) The name of a User-assigned Managed Identity. Use this argument to authenticate against the linked resource using a User-assigned Managed Identity.
+
 ---
 
 A `key_vault_connection_string` block supports the following:
-Original file line number
+Diff line change
@@ Expand Up / @@ -65,6 +65,8 @@ The following arguments are supported: @@
     * `key_vault_password` - (Optional) A `key_vault_password` block as defined below. Use this argument to store SQL Server password in an existing Key Vault. It needs an existing Key Vault Data Factory Linked Service.
+    * `credential_name` - (Optional) The name of a User-assigned Managed Identity. Use this argument to authenticate against the linked resource using a User-assigned Managed Identity.
     ---
     A `key_vault_connection_string` block supports the following:
@@ Expand Down @@