azurerm_key_vault - support for Virtual Network Rules (#2027)
* Upgrading to version `2018-02-14` of the Key Vault API

* Key Vault: support for Network ACLs

* Storage Account: ensuring we lock on the Virtual Network name during deletion

Fixes #1491

```
$ acctests azurerm TestAccAzureRMStorageAccount_networkRules
=== RUN   TestAccAzureRMStorageAccount_networkRules
--- PASS: TestAccAzureRMStorageAccount_networkRules (242.68s)
=== RUN   TestAccAzureRMStorageAccount_networkRulesDeleted
--- PASS: TestAccAzureRMStorageAccount_networkRulesDeleted (193.87s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	437.440s
```

* Data Source: `azurerm_key_vault` - exposing `network_acls`

* Fixing the data source test

```
$ acctests azurerm TestAccDataSourceAzureRMKeyVault_networkAcls
=== RUN   TestAccDataSourceAzureRMKeyVault_networkAcls
--- PASS: TestAccDataSourceAzureRMKeyVault_networkAcls (310.74s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	311.651s
```

* Documenting why we're locking
tombuildsstuff authored Oct 6, 2018
1 parent 5e9fb57 commit 0875eb4
Showing 17 changed files with 675 additions and 102 deletions.
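--- a/azurerm/config.go
+++ b/azurerm/config.go
@@ -29,7 +29,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
 	"github.com/Azure/azure-sdk-for-go/services/iothub/mgmt/2018-04-01/devices"
 	keyVault "github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
-	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault"
 	"github.com/Azure/azure-sdk-for-go/services/logic/mgmt/2016-06-01/logic"
 	"github.com/Azure/azure-sdk-for-go/services/mysql/mgmt/2017-12-01/mysql"
 	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-04-01/network"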
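--- a/azurerm/data_source_key_vault.go
+++ b/azurerm/data_source_key_vault.go
@@ -3,9 +3,10 @@ package azurerm
 import (
 	"fmt"
 
-	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/set"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
@@ -105,6 +106,35 @@ func dataSourceArmKeyVault() *schema.Resource {
 				Computed: true,
 			},
 
+			"network_acls": {
+				Type: schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"default_action": {
+							Type: schema.TypeString,
+							Computed: true,
+						},
+						"bypass": {
+							Type: schema.TypeString,
+							Computed: true,
+						},
+						"ip_rules": {
+							Type: schema.TypeSet,
+							Computed: true,
+							Elem: &schema.Schema{Type: schema.TypeString},
+							Set: schema.HashString,
+						},
+						"virtual_network_subnet_ids": {
+							Type: schema.TypeSet,
+							Computed: true,
+							Elem: &schema.Schema{Type: schema.TypeString},
+							Set: set.HashStringIgnoreCase,
+						},
+					},
+				},
+			},
+
 			"tags": tagsForDataSourceSchema(),
 		},
 	}
@@ -138,6 +168,8 @@ func dataSourceArmKeyVaultRead(d *schema.ResourceData, meta interface{}) error {
 		d.Set("enabled_for_deployment", props.EnabledForDeployment)
 		d.Set("enabled_for_disk_encryption", props.EnabledForDiskEncryption)
 		d.Set("enabled_for_template_deployment", props.EnabledForTemplateDeployment)
+		d.Set("vault_uri", props.VaultURI)
+
 		if err := d.Set("sku", flattenKeyVaultDataSourceSku(props.Sku)); err != nil {
 			return fmt.Errorf("Error flattening `sku` for KeyVault %q: %+v", *resp.Name, err)
 		}
@@ -146,7 +178,10 @@ func dataSourceArmKeyVaultRead(d *schema.ResourceData, meta interface{}) error {
 		if err := d.Set("access_policy", flattenedPolicies); err != nil {
 			return fmt.Errorf("Error flattening `access_policy` for KeyVault %q: %+v", *resp.Name, err)
 		}
-		d.Set("vault_uri", props.VaultURI)
+
+		if err := d.Set("network_acls", flattenKeyVaultDataSourceNetworkAcls(props.NetworkAcls)); err != nil {
+			return fmt.Errorf("Error flattening `network_acls` for KeyVault %q: %+v", *resp.Name, err)
+		}
 	}
 
 	flattenAndSetTags(d, resp.Tags)
@@ -161,3 +196,40 @@ func flattenKeyVaultDataSourceSku(sku *keyvault.Sku) []interface{} {
 
 	return []interface{}{result}
 }
+
+func flattenKeyVaultDataSourceNetworkAcls(input *keyvault.NetworkRuleSet) []interface{} {
+	if input == nil {
+		return []interface{}{}
+	}
+
+	output := make(map[string]interface{}, 0)
+
+	output["bypass"] = string(input.Bypass)
+	output["default_action"] = string(input.DefaultAction)
+
+	ipRules := make([]interface{}, 0)
+	if input.IPRules != nil {
+		for _, v := range *input.IPRules {
+			if v.Value == nil {
+				continue
+			}
+
+			ipRules = append(ipRules, *v.Value)
+		}
+	}
+	output["ip_rules"] = schema.NewSet(schema.HashString, ipRules)
+
+	virtualNetworkRules := make([]interface{}, 0)
+	if input.VirtualNetworkRules != nil {
+		for _, v := range *input.VirtualNetworkRules {
+			if v.ID == nil {
+				continue
+			}
+
+			virtualNetworkRules = append(virtualNetworkRules, *v.ID)
+		}
+	}
+	output["virtual_network_subnet_ids"] = schema.NewSet(schema.HashString, virtualNetworkRules)
+
+	return []interface{}{output}
+}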
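Review bot: In `flattenKeyVaultDataSourceNetworkAcls` the `virtual_network_subnet_ids` set is built with `schema.HashString`, but the schema for that attribute (earlier in this section) declares `Set: set.HashStringIgnoreCase`; hashing the elements with a different function than the one the schema uses means the set stored for the attribute is not computed the way the SDK expects, and subnet IDs that differ only in casing (presumably the reason the schema ignores case) would hash to distinct members. The line should read `output["virtual_network_subnet_ids"] = schema.NewSet(set.HashStringIgnoreCase, virtualNetworkRules)`, mirroring the `ip_rules` line, whose `schema.HashString` does match its schema. As a minor point of style, `make(map[string]interface{}, 0)` can be written as the literal `map[string]interface{}{}`.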
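--- a/azurerm/data_source_key_vault_access_policy.go
+++ b/azurerm/data_source_key_vault_access_policy.go
@@ -3,7 +3,7 @@ package azurerm
 import (
 	"strings"
 
-	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
 )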
42 changes: 42 additions & 0 deletions azurerm/data_source_key_vault_test.go
Expand Up @@ -65,6 +65,36 @@ func TestAccDataSourceAzureRMKeyVault_complete(t *testing.T) {
})
}

func TestAccDataSourceAzureRMKeyVault_networkAcls(t *testing.T) {
dataSourceName := "data.azurerm_key_vault.test"
ri := acctest.RandInt()
location := testLocation()
config := testAccDataSourceAzureRMKeyVault_networkAcls(ri, location)

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMKeyVaultDestroy,
Steps: []resource.TestStep{
{
Config: config,
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMKeyVaultExists(dataSourceName),
resource.TestCheckResourceAttrSet(dataSourceName, "tenant_id"),
resource.TestCheckResourceAttrSet(dataSourceName, "sku.0.name"),
resource.TestCheckResourceAttrSet(dataSourceName, "access_policy.0.tenant_id"),
resource.TestCheckResourceAttrSet(dataSourceName, "access_policy.0.object_id"),
resource.TestCheckResourceAttr(dataSourceName, "access_policy.0.key_permissions.0", "create"),
resource.TestCheckResourceAttr(dataSourceName, "access_policy.0.secret_permissions.0", "set"),
resource.TestCheckResourceAttr(dataSourceName, "network_acls.#", "1"),
resource.TestCheckResourceAttr(dataSourceName, "network_acls.0.default_action", "Allow"),
resource.TestCheckResourceAttr(dataSourceName, "tags.%", "0"),
),
},
},
})
}

func testAccDataSourceAzureRMKeyVault_basic(rInt int, location string) string {
resource := testAccAzureRMKeyVault_basic(rInt, location)
return fmt.Sprintf(`
Expand All @@ -88,3 +118,15 @@ data "azurerm_key_vault" "test" {
}
`, resource)
}

func testAccDataSourceAzureRMKeyVault_networkAcls(rInt int, location string) string {
resource := testAccAzureRMKeyVault_networkAclsUpdated(rInt, location)
return fmt.Sprintf(`
%s
data "azurerm_key_vault" "test" {
name = "${azurerm_key_vault.test.name}"
resource_group_name = "${azurerm_key_vault.test.resource_group_name}"
}
`, resource)
}
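Review bot: `TestAccDataSourceAzureRMKeyVault_networkAcls` only pins `network_acls.#` and `network_acls.0.default_action`, so the `bypass`, `ip_rules` and `virtual_network_subnet_ids` values that the data source now flattens are never asserted, and a regression in that flatten logic would pass this test. If `testAccAzureRMKeyVault_networkAclsUpdated` (defined outside this diff) configures IP rules or subnet IDs, add checks such as `resource.TestCheckResourceAttr(dataSourceName, "network_acls.0.bypass", "<expected-bypass>")` and `resource.TestCheckResourceAttr(dataSourceName, "network_acls.0.ip_rules.#", "<expected-count>")`, with the placeholder values taken from that config. The second hunk appears to be missing a blank line after `%s` relative to its `+118,15` header, so the rendered section may not be complete.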
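--- a/azurerm/helpers/azure/key_vault_access_policy.go
+++ b/azurerm/helpers/azure/key_vault_access_policy.go
@@ -1,7 +1,7 @@
 package azure
 
 import (
-	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2018-02-14/keyvault"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
 	"github.com/satori/go.uuid"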