diff --git a/internal/provider/services.go b/internal/provider/services.go index d77de92e1b58..380ab5770014 100644 --- a/internal/provider/services.go +++ b/internal/provider/services.go @@ -198,6 +198,7 @@ func SupportedTypedServices() []sdk.TypedServiceRegistration { policy.Registration{}, privatednsresolver.Registration{}, recoveryservices.Registration{}, + redis.Registration{}, redhatopenshift.Registration{}, resource.Registration{}, sentinel.Registration{}, diff --git a/internal/services/redis/redis_cache_access_policy_assignment_resource.go b/internal/services/redis/redis_cache_access_policy_assignment_resource.go new file mode 100644 index 000000000000..9319eec244e5 --- /dev/null +++ b/internal/services/redis/redis_cache_access_policy_assignment_resource.go @@ -0,0 +1,184 @@ +package redis + +import ( + "context" + "fmt" + "time" + + "github.com/hashicorp/go-azure-helpers/lang/response" + "github.com/hashicorp/go-azure-sdk/resource-manager/redis/2023-08-01/redis" + "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" +) + +type RedisCacheAccessPolicyAssignmentResource struct { +} + +var _ sdk.Resource = RedisCacheAccessPolicyAssignmentResource{} + +type RedisCacheAccessPolicyAssignmentResourceModel struct { + Name string `tfschema:"name"` + RedisCacheID string `tfschema:"redis_cache_id"` + AccessPolicyName string `tfschema:"access_policy_name"` + ObjectID string `tfschema:"object_id"` + ObjectIDAlias string `tfschema:"object_id_alias"` +} + +func (r RedisCacheAccessPolicyAssignmentResource) Arguments() map[string]*pluginsdk.Schema { + return map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + "redis_cache_id": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: redis.ValidateRediID, + }, + "access_policy_name": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + }, + "object_id": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + }, + "object_id_alias": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validation.StringInSlice( + []string{ + "ServicePrincipal", + "UserMSI", + }, false), + }, + } +} + +func (r RedisCacheAccessPolicyAssignmentResource) Attributes() map[string]*pluginsdk.Schema { + return map[string]*pluginsdk.Schema{} +} + +func (r RedisCacheAccessPolicyAssignmentResource) ModelObject() interface{} { + return &RedisCacheAccessPolicyAssignmentResourceModel{} +} + +func (r RedisCacheAccessPolicyAssignmentResource) ResourceType() string { + return "azurerm_redis_cache_access_policy_assignment" +} + +func (r RedisCacheAccessPolicyAssignmentResource) IDValidationFunc() pluginsdk.SchemaValidateFunc { + return redis.ValidateAccessPolicyAssignmentID +} + +func (r RedisCacheAccessPolicyAssignmentResource) Create() sdk.ResourceFunc { + return sdk.ResourceFunc{ + Timeout: 5 * time.Minute, + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + var model RedisCacheAccessPolicyAssignmentResourceModel + if err := metadata.Decode(&model); err != nil { + return fmt.Errorf("decoding %+v", err) + } + client := metadata.Client.Redis.Redis + subscriptionId := metadata.Client.Account.SubscriptionId + + redisId, err := redis.ParseRediID(model.RedisCacheID) + if err != nil { + return err + } + id := redis.NewAccessPolicyAssignmentID(subscriptionId, redisId.ResourceGroupName, redisId.RedisName, model.Name) + + existing, err := client.AccessPolicyAssignmentGet(ctx, id) + if err != nil && !response.WasNotFound(existing.HttpResponse) { + return fmt.Errorf("checking for existing %s: %+v", id, err) + } + + if !response.WasNotFound(existing.HttpResponse) { + return metadata.ResourceRequiresImport(r.ResourceType(), id) + } + + createInput := redis.RedisCacheAccessPolicyAssignment{ + Name: &model.Name, + Properties: &redis.RedisCacheAccessPolicyAssignmentProperties{ + AccessPolicyName: model.AccessPolicyName, + ObjectId: model.ObjectID, + ObjectIdAlias: model.ObjectIDAlias, + }, + } + if err := client.AccessPolicyAssignmentCreateUpdateThenPoll(ctx, id, createInput); err != nil { + return fmt.Errorf("failed to create Redis Cache Access Policy Assignment %s in Redis Cache %s in resource group %s: %s", model.Name, redisId.RedisName, redisId.ResourceGroupName, err) + } + + metadata.SetID(id) + return nil + }, + } +} + +func (r RedisCacheAccessPolicyAssignmentResource) Read() sdk.ResourceFunc { + return sdk.ResourceFunc{ + Timeout: 5 * time.Minute, + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + id, err := redis.ParseAccessPolicyAssignmentID(metadata.ResourceData.Id()) + if err != nil { + return err + } + + client := metadata.Client.Redis.Redis + + resp, err := client.AccessPolicyAssignmentGet(ctx, *id) + if err != nil { + if response.WasNotFound(resp.HttpResponse) { + return metadata.MarkAsGone(id) + } + return fmt.Errorf("retrieving Redis Cache Access Policy Assignment %s: %+v", *id, err) + } + + state := RedisCacheAccessPolicyAssignmentResourceModel{} + + if model := resp.Model; model != nil { + if model.Name != nil { + state.Name = *model.Name + } + state.RedisCacheID = redis.NewRediID(id.SubscriptionId, id.ResourceGroupName, id.RedisName).ID() + if model.Properties != nil { + state.AccessPolicyName = model.Properties.AccessPolicyName + state.ObjectID = model.Properties.ObjectId + state.ObjectIDAlias = model.Properties.ObjectIdAlias + } + } + + return metadata.Encode(&state) + }, + } +} + +func (r RedisCacheAccessPolicyAssignmentResource) Delete() sdk.ResourceFunc { + return sdk.ResourceFunc{ + Timeout: 5 * time.Minute, + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + var model RedisCacheAccessPolicyAssignmentResourceModel + if err := metadata.Decode(&model); err != nil { + return fmt.Errorf("decoding %+v", err) + } + client := metadata.Client.Redis.Redis + id, err := redis.ParseAccessPolicyAssignmentID(metadata.ResourceData.Id()) + if err != nil { + return err + } + + if _, err := client.AccessPolicyAssignmentDelete(ctx, *id); err != nil { + return fmt.Errorf("deleting Redis Cache Access Policy Assignment %s in Redis Cache %s in resource group %s: %s", id.AccessPolicyAssignmentName, id.RedisName, id.ResourceGroupName, err) + } + + return nil + }, + } +} diff --git a/internal/services/redis/redis_cache_access_policy_assignment_resource_test.go b/internal/services/redis/redis_cache_access_policy_assignment_resource_test.go new file mode 100644 index 000000000000..f0d505884a3b --- /dev/null +++ b/internal/services/redis/redis_cache_access_policy_assignment_resource_test.go @@ -0,0 +1,114 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package redis_test + +import ( + "context" + "fmt" + "testing" + + "github.com/hashicorp/go-azure-sdk/resource-manager/redis/2023-08-01/redis" + "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" + "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" + "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/utils" +) + +type RedisCacheAccessPolicyAssignmentResource struct{} + +func TestAccRedisCacheAccessPolicyAssignment_basic(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_redis_cache_access_policy_assignment", "test") + r := RedisCacheAccessPolicyAssignmentResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.basic(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + +func TestAccRedisCacheAccessPolicyAssignment_requiresImport(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_redis_cache_access_policy_assignment", "test") + r := RedisCacheAccessPolicyAssignmentResource{} + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.basic(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.RequiresImportErrorStep(r.requiresImport), + }) +} + +func (t RedisCacheAccessPolicyAssignmentResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { + id, err := redis.ParseAccessPolicyAssignmentID(state.ID) + if err != nil { + return nil, err + } + + resp, err := clients.Redis.Redis.AccessPolicyAssignmentGet(ctx, *id) + if err != nil { + return nil, fmt.Errorf("reading %s: %+v", *id, err) + } + + return utils.Bool(resp.Model != nil), nil +} + +func (RedisCacheAccessPolicyAssignmentResource) basic(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +data "azurerm_client_config" "test" { +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_redis_cache" "test" { + name = "acctestRedis-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + capacity = 1 + family = "C" + sku_name = "Basic" + enable_non_ssl_port = true + minimum_tls_version = "1.2" + + redis_configuration { + } +} + +resource "azurerm_redis_cache_access_policy_assignment" "test" { + name = "acctestRedisAccessPolicyAssignmentTest" + redis_cache_id = azurerm_redis_cache.test.id + access_policy_name = "Data Contributor" + object_id = data.azurerm_client_config.test.object_id + object_id_alias = "ServicePrincipal" +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + +func (r RedisCacheAccessPolicyAssignmentResource) requiresImport(data acceptance.TestData) string { + return fmt.Sprintf(` +%s + +resource "azurerm_redis_cache_access_policy_assignment" "import" { + name = azurerm_redis_cache_access_policy_assignment.test.name + redis_cache_id = azurerm_redis_cache_access_policy_assignment.test.redis_cache_id + access_policy_name = azurerm_redis_cache_access_policy_assignment.test.access_policy_name + object_id = azurerm_redis_cache_access_policy_assignment.test.object_id + object_id_alias = azurerm_redis_cache_access_policy_assignment.test.object_id_alias +} +`, r.basic(data)) +} diff --git a/internal/services/redis/redis_cache_access_policy_resource.go b/internal/services/redis/redis_cache_access_policy_resource.go new file mode 100644 index 000000000000..9b1d8682361b --- /dev/null +++ b/internal/services/redis/redis_cache_access_policy_resource.go @@ -0,0 +1,164 @@ +package redis + +import ( + "context" + "fmt" + "time" + + "github.com/hashicorp/go-azure-helpers/lang/response" + "github.com/hashicorp/go-azure-sdk/resource-manager/redis/2023-08-01/redis" + "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" +) + +type RedisCacheAccessPolicyResource struct { +} + +var _ sdk.Resource = RedisCacheAccessPolicyResource{} + +type RedisCacheAccessPolicyResourceModel struct { + Name string `tfschema:"name"` + RedisCacheID string `tfschema:"redis_cache_id"` + Permissions string `tfschema:"permissions"` +} + +func (r RedisCacheAccessPolicyResource) Arguments() map[string]*pluginsdk.Schema { + return map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + }, + "redis_cache_id": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: redis.ValidateRediID, + }, + "permissions": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + }, + } +} + +func (r RedisCacheAccessPolicyResource) Attributes() map[string]*pluginsdk.Schema { + return map[string]*pluginsdk.Schema{} +} + +func (r RedisCacheAccessPolicyResource) ModelObject() interface{} { + return &RedisCacheAccessPolicyResourceModel{} +} + +func (r RedisCacheAccessPolicyResource) ResourceType() string { + return "azurerm_redis_cache_access_policy" +} + +func (r RedisCacheAccessPolicyResource) IDValidationFunc() pluginsdk.SchemaValidateFunc { + return redis.ValidateAccessPolicyID +} + +func (r RedisCacheAccessPolicyResource) Create() sdk.ResourceFunc { + return sdk.ResourceFunc{ + Timeout: 5 * time.Minute, + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + var model RedisCacheAccessPolicyResourceModel + if err := metadata.Decode(&model); err != nil { + return fmt.Errorf("decoding %+v", err) + } + client := metadata.Client.Redis.Redis + subscriptionId := metadata.Client.Account.SubscriptionId + + redisId, err := redis.ParseRediID(model.RedisCacheID) + if err != nil { + return fmt.Errorf("parsing Redis Cache ID (%s): %+v", model.RedisCacheID, err) + } + id := redis.NewAccessPolicyID(subscriptionId, redisId.ResourceGroupName, redisId.RedisName, model.Name) + + existing, err := client.AccessPolicyGet(ctx, id) + if err != nil && !response.WasNotFound(existing.HttpResponse) { + return fmt.Errorf("checking for existing %s: %+v", id, err) + } + + if !response.WasNotFound(existing.HttpResponse) { + return metadata.ResourceRequiresImport(r.ResourceType(), id) + } + + policyTypeCustom := redis.AccessPolicyTypeCustom + + createInput := redis.RedisCacheAccessPolicy{ + Name: &model.Name, + Properties: &redis.RedisCacheAccessPolicyProperties{ + Permissions: model.Permissions, + Type: &policyTypeCustom, + }, + } + if err := client.AccessPolicyCreateUpdateThenPoll(ctx, id, createInput); err != nil { + return fmt.Errorf("failed to create Redis Cache Access Policy %s in Redis Cache %s in resource group %s: %s", model.Name, redisId.RedisName, redisId.ResourceGroupName, err) + } + + metadata.SetID(id) + return nil + }, + } +} + +func (r RedisCacheAccessPolicyResource) Read() sdk.ResourceFunc { + return sdk.ResourceFunc{ + Timeout: 5 * time.Minute, + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + id, err := redis.ParseAccessPolicyID(metadata.ResourceData.Id()) + if err != nil { + return err + } + + client := metadata.Client.Redis.Redis + + resp, err := client.AccessPolicyGet(ctx, *id) + if err != nil { + if response.WasNotFound(resp.HttpResponse) { + return metadata.MarkAsGone(id) + } + return fmt.Errorf("retrieving Redis Cache Access Policy %s: %+v", *id, err) + } + + state := RedisCacheAccessPolicyResourceModel{} + + if model := resp.Model; model != nil { + if model.Name != nil { + state.Name = *model.Name + } + state.RedisCacheID = redis.NewRediID(id.SubscriptionId, id.ResourceGroupName, id.RedisName).ID() + if model.Properties != nil { + state.Permissions = model.Properties.Permissions + } + } + + return metadata.Encode(&state) + }, + } +} + +func (r RedisCacheAccessPolicyResource) Delete() sdk.ResourceFunc { + return sdk.ResourceFunc{ + Timeout: 5 * time.Minute, + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + var model RedisCacheAccessPolicyResourceModel + if err := metadata.Decode(&model); err != nil { + return fmt.Errorf("decoding %+v", err) + } + client := metadata.Client.Redis.Redis + id, err := redis.ParseAccessPolicyID(metadata.ResourceData.Id()) + if err != nil { + return fmt.Errorf("while parsing resource ID: %+v", err) + } + + if _, err := client.AccessPolicyDelete(ctx, *id); err != nil { + return fmt.Errorf("deleting Redis Cache Access Policy %s in Redis Cache %s in resource group %s: %s", id.AccessPolicyName, id.RedisName, id.ResourceGroupName, err) + } + + return nil + }, + } +} diff --git a/internal/services/redis/redis_cache_access_policy_resource_test.go b/internal/services/redis/redis_cache_access_policy_resource_test.go new file mode 100644 index 000000000000..9c26655a4896 --- /dev/null +++ b/internal/services/redis/redis_cache_access_policy_resource_test.go @@ -0,0 +1,110 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package redis_test + +import ( + "context" + "fmt" + "testing" + + "github.com/hashicorp/go-azure-sdk/resource-manager/redis/2023-08-01/redis" + "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" + "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" + "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/utils" +) + +type RedisCacheAccessPolicyResource struct{} + +func TestAccRedisCacheAccessPolicy_basic(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_redis_cache_access_policy", "test") + r := RedisCacheAccessPolicyResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.basic(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + +func TestAccRedisCacheAccessPolicy_requiresImport(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_redis_cache_access_policy", "test") + r := RedisCacheAccessPolicyResource{} + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.basic(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.RequiresImportErrorStep(r.requiresImport), + }) +} + +func (t RedisCacheAccessPolicyResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { + id, err := redis.ParseAccessPolicyID(state.ID) + if err != nil { + return nil, err + } + + resp, err := clients.Redis.Redis.AccessPolicyGet(ctx, *id) + if err != nil { + return nil, fmt.Errorf("reading %s: %+v", *id, err) + } + + return utils.Bool(resp.Model != nil), nil +} + +func (RedisCacheAccessPolicyResource) basic(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +data "azurerm_client_config" "test" { +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_redis_cache" "test" { + name = "acctestRedis-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + capacity = 1 + family = "C" + sku_name = "Basic" + enable_non_ssl_port = true + minimum_tls_version = "1.2" + + redis_configuration { + } +} + +resource "azurerm_redis_cache_access_policy" "test" { + name = "acctestRedisAccessPolicytest" + redis_cache_id = azurerm_redis_cache.test.id + permissions = "+@read +@connection +cluster|info allkeys" +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + +func (r RedisCacheAccessPolicyResource) requiresImport(data acceptance.TestData) string { + return fmt.Sprintf(` +%s + +resource "azurerm_redis_cache_access_policy" "import" { + name = azurerm_redis_cache_access_policy.test.name + redis_cache_id = azurerm_redis_cache_access_policy.test.redis_cache_id + permissions = azurerm_redis_cache_access_policy.test.permissions +} +`, r.basic(data)) +} diff --git a/internal/services/redis/redis_cache_resource.go b/internal/services/redis/redis_cache_resource.go index 3914c1ae2048..528b79961eac 100644 --- a/internal/services/redis/redis_cache_resource.go +++ b/internal/services/redis/redis_cache_resource.go @@ -54,10 +54,10 @@ func resourceRedisCache() *pluginsdk.Resource { }), Timeouts: &pluginsdk.ResourceTimeout{ - Create: pluginsdk.DefaultTimeout(90 * time.Minute), + Create: pluginsdk.DefaultTimeout(180 * time.Minute), Read: pluginsdk.DefaultTimeout(5 * time.Minute), - Update: pluginsdk.DefaultTimeout(90 * time.Minute), - Delete: pluginsdk.DefaultTimeout(90 * time.Minute), + Update: pluginsdk.DefaultTimeout(180 * time.Minute), + Delete: pluginsdk.DefaultTimeout(180 * time.Minute), }, StateUpgraders: pluginsdk.StateUpgrades(map[int]pluginsdk.StateUpgrade{ diff --git a/internal/services/redis/registration.go b/internal/services/redis/registration.go index 8ce52a1286d7..68906114414d 100644 --- a/internal/services/redis/registration.go +++ b/internal/services/redis/registration.go @@ -10,7 +10,10 @@ import ( type Registration struct{} -var _ sdk.UntypedServiceRegistrationWithAGitHubLabel = Registration{} +var ( + _ sdk.UntypedServiceRegistrationWithAGitHubLabel = Registration{} + _ sdk.TypedServiceRegistrationWithAGitHubLabel = Registration{} +) func (r Registration) AssociatedGitHubLabel() string { return "service/redis" @@ -43,3 +46,14 @@ func (r Registration) SupportedResources() map[string]*pluginsdk.Resource { "azurerm_redis_linked_server": resourceRedisLinkedServer(), } } + +func (r Registration) DataSources() []sdk.DataSource { + return []sdk.DataSource{} +} + +func (r Registration) Resources() []sdk.Resource { + return []sdk.Resource{ + RedisCacheAccessPolicyAssignmentResource{}, + RedisCacheAccessPolicyResource{}, + } +} diff --git a/website/docs/r/redis_cache.html.markdown b/website/docs/r/redis_cache.html.markdown index 348ef2cbfa7b..5f504153f6d9 100644 --- a/website/docs/r/redis_cache.html.markdown +++ b/website/docs/r/redis_cache.html.markdown @@ -228,10 +228,10 @@ A `redis_configuration` block exports the following: The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions: -* `create` - (Defaults to 90 minutes) Used when creating the Redis Cache. -* `update` - (Defaults to 90 minutes) Used when updating the Redis Cache. +* `create` - (Defaults to 180 minutes) Used when creating the Redis Cache. +* `update` - (Defaults to 180 minutes) Used when updating the Redis Cache. * `read` - (Defaults to 5 minutes) Used when retrieving the Redis Cache. -* `delete` - (Defaults to 90 minutes) Used when deleting the Redis Cache. +* `delete` - (Defaults to 180 minutes) Used when deleting the Redis Cache. ## Import diff --git a/website/docs/r/redis_cache_access_policy.html.markdown b/website/docs/r/redis_cache_access_policy.html.markdown new file mode 100644 index 000000000000..27de8c59e98c --- /dev/null +++ b/website/docs/r/redis_cache_access_policy.html.markdown @@ -0,0 +1,74 @@ +--- +subcategory: "Redis" +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_redis_cache_access_policy" +description: |- + Manages a Redis Cache Access Policy. +--- + +# azurerm_redis_cache_access_policy + +Manages a Redis Cache Access Policy + +## Example Usage + +```hcl +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "East US" +} + +resource "azurerm_redis_cache" "example" { + name = "example" + location = azurerm_resource_group.example.location + resource_group_name = azurerm_resource_group.example.name + capacity = 1 + family = "P" + sku_name = "Premium" + enable_non_ssl_port = false + + redis_configuration { + maxmemory_reserved = 2 + maxmemory_delta = 2 + maxmemory_policy = "allkeys-lru" + } +} + +resource "azurerm_redis_cache_access_policy" "example" { + name = "example" + redis_cache_id = azurerm_redis_cache.example.id + permissions = "+@read +@connection +cluster|info" +} +``` + +## Arguments Reference + +The following arguments are supported: + +* `name` - (Required) The name of the Redis Cache Access Policy. Changing this forces a new Redis Cache Access Policy to be created. + +* `redis_cache_id` - (Required) The ID of the Redis Cache. Changing this forces a new Redis Cache Access Policy to be created. + +* `permissions` - (Required) Permissions that are going to be assigned to this Redis Cache Access Policy. Changing this forces a new Redis Cache Access Policy to be created. + +## Attributes Reference + +In addition to the Arguments listed above - the following Attributes are exported: + +* `id` - The ID of the Redis Cache Access Policy. + +## Timeouts + +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions: + +* `create` - (Defaults to 5 minutes) Used when creating the Redis Cache Access Policy. +* `read` - (Defaults to 5 minutes) Used when retrieving the Redis Cache Access Policy. +* `delete` - (Defaults to 5 minutes) Used when deleting the Redis Cache Access Policy. + +## Import + +Redis Cache Access Policy can be imported using the `resource id`, e.g. + +```shell +terraform import azurerm_redis_cache_access_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Cache/redis/cache1/accessPolicies/policy1 +``` diff --git a/website/docs/r/redis_cache_access_policy_assignment.html.markdown b/website/docs/r/redis_cache_access_policy_assignment.html.markdown new file mode 100644 index 000000000000..6da413dc36e3 --- /dev/null +++ b/website/docs/r/redis_cache_access_policy_assignment.html.markdown @@ -0,0 +1,83 @@ +--- +subcategory: "Redis" +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_redis_cache_access_policy_assignment" +description: |- + Manages a Redis Cache Access Policy Assignment. +--- + +# azurerm_redis_cache_access_policy_assignment + +Manages a Redis Cache Access Policy Assignment + +## Example Usage + +```hcl +data "azurerm_client_config" "test" { +} + +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "East US" +} + +resource "azurerm_redis_cache" "example" { + name = "example" + location = azurerm_resource_group.example.location + resource_group_name = azurerm_resource_group.example.name + capacity = 1 + family = "P" + sku_name = "Premium" + enable_non_ssl_port = false + + redis_configuration { + maxmemory_reserved = 2 + maxmemory_delta = 2 + maxmemory_policy = "allkeys-lru" + } +} + +resource "azurerm_redis_cache_access_policy_assignment" "example" { + name = "example" + redis_cache_id = azurerm_redis_cache.example.id + access_policy_name = "Data Contributor" + object_id = data.azurerm_client_config.test.object_id + object_id_alias = "ServicePrincipal" +} +``` + +## Arguments Reference + +The following arguments are supported: + +* `name` - (Required) The name of the Redis Cache Access Policy Assignment. Changing this forces a new Redis Cache Access Policy Assignment to be created. + +* `redis_cache_id` - (Required) The ID of the Redis Cache. Changing this forces a new Redis Cache Access Policy Assignment to be created. + +* `access_policy_name` - (Required) The name of the Access Policy to be assigned. Changing this forces a new Redis Cache Access Policy Assignment to be created. + +* `object_id` - (Required) The principal ID to be assigned the Access Policy. Changing this forces a new Redis Cache Access Policy Assignment to be created. + +* `object_id_alias` - (Required) The alias of the principal ID. Possible values are `ServicePrincipal` and `UserMSI`. Changing this forces a new Redis Cache Access Policy Assignment to be created. + +## Attributes Reference + +In addition to the Arguments listed above - the following Attributes are exported: + +* `id` - The ID of the Redis Cache Access Policy Assignment. + +## Timeouts + +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions: + +* `create` - (Defaults to 60 minutes) Used when creating the Redis Cache Access Policy Assignment. +* `read` - (Defaults to 5 minutes) Used when retrieving the Redis Cache Access Policy Assignment. +* `delete` - (Defaults to 60 minutes) Used when deleting the Redis Cache Access Policy Assignment. + +## Import + +Redis Cache Policy Assignment can be imported using the `resource id`, e.g. + +```shell +terraform import azurerm_redis_cache_access_policy_assignment.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Cache/redis/cache1/accessPolicyAssignments/assignment1 +```