From 663c30ed63ae35a684b53df5f4eec3aed910a867 Mon Sep 17 00:00:00 2001 From: Mitchell Date: Fri, 25 Oct 2024 02:17:17 -0600 Subject: [PATCH] `azurerm_data_factory_linked_service_azure_sql_database` - adding `credential` block (#27629) * add credential to azurerm_data_factory_linked_service_azure_sql_database * align with msft docs * change credential block to credential_name string * fix reference --- ...ked_service_azure_sql_database_resource.go | 17 ++++++ ...ervice_azure_sql_database_resource_test.go | 61 +++++++++++++++++++ ...d_service_azure_sql_database.html.markdown | 2 + 3 files changed, 80 insertions(+) diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go index 2da06ecf58aa..d4b01bf60228 100644 --- a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go +++ b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go @@ -7,6 +7,7 @@ import ( "fmt" "time" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-sdk/resource-manager/datafactory/2018-06-01/factories" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" @@ -171,6 +172,12 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabase() *pluginsdk.Resource { Type: pluginsdk.TypeString, }, }, + + "credential_name": { + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validation.StringIsNotEmpty, + }, }, } } 
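Review bot: The `credential_name` schema entry in resourceDataFactoryLinkedServiceAzureSQLDatabase does not say what kind of name it takes or how it relates to the other authentication arguments. The create path in this patch places the value in a `datafactory.CredentialReference`, and the acceptance test passes the name of an `azurerm_data_factory_credential_user_managed_identity`, so it appears to be the name of a Data Factory credential rather than of the identity itself; a comment such as `// credential_name is the reference name of a Data Factory credential defined in the same factory.` above the entry would make that explicit. The field is also accepted together with a `connection_string` that carries a SQL user and password (the new test fixture does exactly that), which leaves it unclear which identity the service ends up using. If the service treats these as alternatives, declaring that with `ConflictsWith` or documenting the precedence would stop configurations that silently keep a password in state. The schema function begins outside this hunk.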
@@ -259,6 +266,12 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseCreateUpdate(d *pluginsdk.R azureSQLDatabaseLinkedService.Annotations = &annotations } + if credentialName := d.Get("credential_name").(string); credentialName != "" { + azureSQLDatabaseLinkedService.Credential = &datafactory.CredentialReference{ + ReferenceName: pointer.To(credentialName), + } + } + linkedService := datafactory.LinkedServiceResource{ Properties: azureSQLDatabaseLinkedService, } @@ -352,6 +365,10 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseRead(d *pluginsdk.ResourceD } } + if credential := sql.Credential; credential != nil { + d.Set("credential_name", pointer.From(credential.ReferenceName)) + } + return nil } diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go index 5bd1a5a6a6e9..73652133aecd 100644 --- a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go +++ b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go 
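Review bot: The `datafactory.CredentialReference` built in resourceDataFactoryLinkedServiceAzureSQLDatabaseCreateUpdate sets only `ReferenceName`. As far as I recall, the Data Factory REST schema for a credential reference also carries a `type` discriminator with the fixed value `CredentialReference`; if the SDK struct used here exposes it, add `Type: pointer.To("CredentialReference"),` so the request does not depend on the service defaulting it. Please confirm against the SDK model, which is not visible in this patch. The function body starts and ends outside the hunk.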
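Review bot: In resourceDataFactoryLinkedServiceAzureSQLDatabaseRead, `credential_name` is written to state only when `sql.Credential` is non-nil, so a credential reference removed outside Terraform leaves the old value in state and the next plan reports no difference. For an attribute that selects how the linked service authenticates, that drift should be visible to the operator. The return value of `d.Set` is also dropped here. Setting the attribute unconditionally and returning the error covers both; the function starts outside the hunk, so the surrounding reads are elided below.

```go
// … unchanged: earlier attribute reads in resourceDataFactoryLinkedServiceAzureSQLDatabaseRead …
credentialName := ""
if sql.Credential != nil {
	credentialName = pointer.From(sql.Credential.ReferenceName)
}
if err := d.Set("credential_name", credentialName); err != nil {
	return fmt.Errorf("setting `credential_name`: %+v", err)
}

return nil
```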
@@ -115,6 +115,22 @@ func TestAccDataFactoryLinkedServiceAzureSQLDatabase_ConnectionStringKeyVaultRef }) } +func TestAccDataFactoryLinkedServiceAzureSQLDatabase_Credential(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_data_factory_linked_service_azure_sql_database", "test") + r := LinkedServiceAzureSQLDatabaseResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.credential(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("credential_name").HasValue(fmt.Sprintf("test%d", data.RandomInteger)), + ), + }, + data.ImportStep("connection_string"), + }) +} + func (t LinkedServiceAzureSQLDatabaseResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { id, err := parse.LinkedServiceID(state.ID) if err != nil { 
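Review bot: TestAccDataFactoryLinkedServiceAzureSQLDatabase_Credential has a single create step, so nothing exercises changing or removing `credential_name` after creation. A second step that applies a configuration without the argument and asserts that the attribute is empty, followed by another import step, would cover the update and read paths for the authentication setting. The expected value `test%d` is also the name the fixture gives to the user-assigned identity, so the check cannot tell a credential name from an identity name; giving the credential resource its own name in the fixture would make the assertion meaningful.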
@@ -355,3 +371,48 @@ resource "azurerm_data_factory_linked_service_azure_sql_database" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } + +func (LinkedServiceAzureSQLDatabaseResource) credential(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-df-%d" + location = "%s" +} + +resource "azurerm_user_assigned_identity" "test" { + name = "test%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_data_factory" "test" { + name = "acctestdf%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + identity { + type = "SystemAssigned, UserAssigned" + identity_ids = [azurerm_user_assigned_identity.test.id] + } +} + +resource "azurerm_data_factory_credential_user_managed_identity" "test" { + name = azurerm_user_assigned_identity.test.name + description = "Test ADF SQL DB UMI" + data_factory_id = azurerm_data_factory.test.id + identity_id = azurerm_user_assigned_identity.test.id +} + +resource "azurerm_data_factory_linked_service_azure_sql_database" "test" { + name = "acctestlssql%d" + data_factory_id = azurerm_data_factory.test.id + connection_string = "data source=serverhostname;initial catalog=master;user id=testUser;Password=test;integrated security=False;encrypt=True;connection timeout=30" + + credential_name = azurerm_data_factory_credential_user_managed_identity.test.name +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) +} diff --git a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown index 50191cc54d48..10bf80eccfb2 100644 
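Review bot: The `connection_string` in the `credential` fixture still carries `user id=testUser;Password=test;integrated security=False` next to `credential_name`, so the configuration under test supplies an inline SQL password as well as naming a credential. That does not show the managed-identity path the argument is meant for, and acceptance fixtures tend to be copied into real configurations, where the password would end up in state. Dropping the inline login, for example `connection_string = "data source=serverhostname;initial catalog=master;encrypt=True;connection timeout=30"`, would keep the fixture to the credential alone; confirm that the service accepts the shorter string.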
--- a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown +++ b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown @@ -65,6 +65,8 @@ The following arguments are supported: * `key_vault_password` - (Optional) A `key_vault_password` block as defined below. Use this argument to store SQL Server password in an existing Key Vault. It needs an existing Key Vault Data Factory Linked Service. +* `credential_name` - (Optional) The name of a User-assigned Managed Identity. Use this argument to authenticate against the linked resource using a User-assigned Managed Identity. + --- A `key_vault_connection_string` block supports the following: