Merge pull request #24737 from hashicorp/refactor/managed-hsm-to-its-…
…own-servicepackage

refactor: splitting `ManagedHSM` out into its own Service Package
tombuildsstuff authored Feb 2, 2024
2 parents 03e4951 + 496ed9a commit 5f435ec
Showing 26 changed files with 242 additions and 129 deletions.
5 changes: 4 additions & 1 deletion .github/labeler-issue-triage.yml
@@ -175,7 +175,7 @@ service/iot-time-series:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_iot_time_series_insights_((.|\n)*)###'

service/key-vault:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_key_vault((.|\n)*)###'
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(key_vault\W+|key_vault_access_policy\W+|key_vault_certificate\W+|key_vault_certificate_contacts\W+|key_vault_certificate_data\W+|key_vault_certificate_issuer\W+|key_vault_certificates\W+|key_vault_encrypted_value\W+|key_vault_key\W+|key_vault_managed_storage_account\W+|key_vault_managed_storage_account_sas_token_definition\W+|key_vault_secret\W+|key_vault_secrets\W+)((.|\n)*)###'

service/kusto:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_kusto_((.|\n)*)###'
@@ -210,6 +210,9 @@ service/maintenance:
service/managed-apps:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_managed_application((.|\n)*)###'

service/managed-hsm:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_key_vault_managed_hardware_security_module((.|\n)*)###'

service/management-groups:
- '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(management_group\W+|management_group_subscription_association\W+)((.|\n)*)###'

5 changes: 5 additions & 0 deletions .github/labeler-pull-request-triage.yml
@@ -354,6 +354,11 @@ service/managed-apps:
- any-glob-to-any-file:
- internal/services/managedapplications/**/*

service/managed-hsm:
- changed-files:
- any-glob-to-any-file:
- internal/services/managedhsm/**/*

service/management-groups:
- changed-files:
- any-glob-to-any-file:
1 change: 1 addition & 0 deletions .teamcity/components/generated/services.kt
@@ -76,6 +76,7 @@ var services = mapOf(
"machinelearning" to "Machine Learning",
"maintenance" to "Maintenance",
"managedapplications" to "Managed Applications",
"managedhsm" to "Managed HSM",
"managedidentity" to "ManagedIdentity",
"managementgroup" to "Management Group",
"maps" to "Maps",
3 changes: 3 additions & 0 deletions internal/clients/client.go
@@ -93,6 +93,7 @@ import (
machinelearning "github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning/client"
maintenance "github.com/hashicorp/terraform-provider-azurerm/internal/services/maintenance/client"
managedapplication "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedapplications/client"
managedhsm "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/client"
managementgroup "github.com/hashicorp/terraform-provider-azurerm/internal/services/managementgroup/client"
maps "github.com/hashicorp/terraform-provider-azurerm/internal/services/maps/client"
mariadb "github.com/hashicorp/terraform-provider-azurerm/internal/services/mariadb/client"
@@ -228,6 +229,7 @@ type Client struct {
Maintenance *maintenance.Client
ManagedApplication *managedapplication.Client
ManagementGroups *managementgroup.Client
ManagedHSMs *managedhsm.Client
Maps *maps.Client
MariaDB *mariadb.Client
Media *media.Client
@@ -492,6 +494,7 @@ func (client *Client) Build(ctx context.Context, o *common.ClientOptions) error
return fmt.Errorf("building clients for Managed Applications: %+v", err)
}
client.ManagementGroups = managementgroup.NewClient(o)
client.ManagedHSMs = managedhsm.NewClient(o)
if client.Maps, err = maps.NewClient(o); err != nil {
return fmt.Errorf("building clients for Maps: %+v", err)
}
5 changes: 4 additions & 1 deletion internal/provider/services.go
@@ -76,6 +76,7 @@ import (
"github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/maintenance"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/managedapplications"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/managedidentity"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/managementgroup"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/maps"
@@ -177,8 +178,9 @@ func SupportedTypedServices() []sdk.TypedServiceRegistration {
labservice.Registration{},
loadbalancer.Registration{},
loganalytics.Registration{},
media.Registration{},
machinelearning.Registration{},
managedhsm.Registration{},
media.Registration{},
monitor.Registration{},
mobilenetwork.Registration{},
mssql.Registration{},
@@ -279,6 +281,7 @@ func SupportedUntypedServices() []sdk.UntypedServiceRegistration {
managedapplications.Registration{},
lighthouse.Registration{},
managementgroup.Registration{},
managedhsm.Registration{},
maps.Registration{},
mariadb.Registration{},
media.Registration{},
37 changes: 11 additions & 26 deletions internal/services/keyvault/client/client.go
@@ -4,48 +4,33 @@
package client

import (
"github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/managedhsms"
"github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/vaults"
"github.com/hashicorp/terraform-provider-azurerm/internal/common"
dataplane "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault"
)

type Client struct {
ManagedHsmClient *managedhsms.ManagedHsmsClient
ManagementClient *dataplane.BaseClient
VaultsClient *vaults.VaultsClient
// NOTE: Key Vault and Managed HSMs are /intentionally/ split into two different service packages
// whilst the service shares a similar interface - the behaviours and functionalities of the service
// including the casing that is required to be used for the constants - differs between the two
// services.
//
// As such this separation on our side is intentional to avoid code reuse given these differences.

VaultsClient *vaults.VaultsClient

MHSMSDClient *dataplane.HSMSecurityDomainClient
MHSMRoleClient *dataplane.RoleDefinitionsClient
MHSMRoleAssignmentsClient *dataplane.RoleAssignmentsClient
ManagementClient *dataplane.BaseClient
}

func NewClient(o *common.ClientOptions) *Client {
managedHsmClient := managedhsms.NewManagedHsmsClientWithBaseURI(o.ResourceManagerEndpoint)
o.ConfigureClient(&managedHsmClient.Client, o.ResourceManagerAuthorizer)

managementClient := dataplane.New()
o.ConfigureClient(&managementClient.Client, o.KeyVaultAuthorizer)

vaultsClient := vaults.NewVaultsClientWithBaseURI(o.ResourceManagerEndpoint)

sdClient := dataplane.NewHSMSecurityDomainClient()
o.ConfigureClient(&sdClient.Client, o.ManagedHSMAuthorizer)

mhsmRoleDefineClient := dataplane.NewRoleDefinitionsClient()
o.ConfigureClient(&mhsmRoleDefineClient.Client, o.ManagedHSMAuthorizer)

o.ConfigureClient(&vaultsClient.Client, o.ResourceManagerAuthorizer)

mhsmRoleAssignClient := dataplane.NewRoleAssignmentsClient()
o.ConfigureClient(&mhsmRoleAssignClient.Client, o.ManagedHSMAuthorizer)

return &Client{
ManagedHsmClient: &managedHsmClient,
ManagementClient: &managementClient,
VaultsClient: &vaultsClient,
MHSMSDClient: &sdClient,
MHSMRoleClient: &mhsmRoleDefineClient,
MHSMRoleAssignmentsClient: &mhsmRoleAssignClient,
ManagementClient: &managementClient,
VaultsClient: &vaultsClient,
}
}
23 changes: 9 additions & 14 deletions internal/services/keyvault/registration.go
@@ -34,16 +34,15 @@ func (r Registration) WebsiteCategories() []string {
// SupportedDataSources returns the supported Data Sources supported by this Service
func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource {
return map[string]*pluginsdk.Resource{
"azurerm_key_vault_access_policy": dataSourceKeyVaultAccessPolicy(),
"azurerm_key_vault_certificate": dataSourceKeyVaultCertificate(),
"azurerm_key_vault_certificate_data": dataSourceKeyVaultCertificateData(),
"azurerm_key_vault_certificate_issuer": dataSourceKeyVaultCertificateIssuer(),
"azurerm_key_vault_key": dataSourceKeyVaultKey(),
"azurerm_key_vault_managed_hardware_security_module": dataSourceKeyVaultManagedHardwareSecurityModule(),
"azurerm_key_vault_secret": dataSourceKeyVaultSecret(),
"azurerm_key_vault_secrets": dataSourceKeyVaultSecrets(),
"azurerm_key_vault": dataSourceKeyVault(),
"azurerm_key_vault_certificates": dataSourceKeyVaultCertificates(),
"azurerm_key_vault_access_policy": dataSourceKeyVaultAccessPolicy(),
"azurerm_key_vault_certificate": dataSourceKeyVaultCertificate(),
"azurerm_key_vault_certificate_data": dataSourceKeyVaultCertificateData(),
"azurerm_key_vault_certificate_issuer": dataSourceKeyVaultCertificateIssuer(),
"azurerm_key_vault_key": dataSourceKeyVaultKey(),
"azurerm_key_vault_secret": dataSourceKeyVaultSecret(),
"azurerm_key_vault_secrets": dataSourceKeyVaultSecrets(),
"azurerm_key_vault": dataSourceKeyVault(),
"azurerm_key_vault_certificates": dataSourceKeyVaultCertificates(),
}
}

@@ -54,7 +53,6 @@ func (r Registration) SupportedResources() map[string]*pluginsdk.Resource {
"azurerm_key_vault_certificate": resourceKeyVaultCertificate(),
"azurerm_key_vault_certificate_issuer": resourceKeyVaultCertificateIssuer(),
"azurerm_key_vault_key": resourceKeyVaultKey(),
"azurerm_key_vault_managed_hardware_security_module": resourceKeyVaultManagedHardwareSecurityModule(),
"azurerm_key_vault_secret": resourceKeyVaultSecret(),
"azurerm_key_vault": resourceKeyVault(),
"azurerm_key_vault_managed_storage_account": resourceKeyVaultManagedStorageAccount(),
@@ -65,14 +63,11 @@ func (r Registration) SupportedResources() map[string]*pluginsdk.Resource {
func (r Registration) DataSources() []sdk.DataSource {
return []sdk.DataSource{
EncryptedValueDataSource{},
KeyvaultMHSMRoleDefinitionDataSource{},
}
}

func (r Registration) Resources() []sdk.Resource {
return []sdk.Resource{
KeyVaultCertificateContactsResource{},
KeyVaultMHSMRoleDefinitionResource{},
KeyVaultManagedHSMRoleAssignmentResource{},
}
}
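--- a/internal/services/managedhsm/client/client.go
+++ b/internal/services/managedhsm/client/client.go
@@ -0,0 +1,56 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package client
+
+import (
+"github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/managedhsms"
+"github.com/hashicorp/terraform-provider-azurerm/internal/common"
+dataplane "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault"
+)
+
+type Client struct {
+// NOTE: Key Vault and Managed HSMs are /intentionally/ split into two different service packages
+// whilst the service shares a similar interface - the behaviours and functionalities of the service
+// including the casing that is required to be used for the constants - differs between the two
+// services.
+//
+// As such this separation on our side is intentional to avoid code reuse given these differences.
+
+// Resource Manager
+ManagedHsmClient *managedhsms.ManagedHsmsClient
+
+// Data Plane
+DataPlaneClient *dataplane.BaseClient
+DataPlaneRoleAssignmentsClient *dataplane.RoleAssignmentsClient
+DataPlaneRoleDefinitionsClient *dataplane.RoleDefinitionsClient
+DataPlaneSecurityDomainsClient *dataplane.HSMSecurityDomainClient
+}
+
+func NewClient(o *common.ClientOptions) *Client {
+managedHsmClient := managedhsms.NewManagedHsmsClientWithBaseURI(o.ResourceManagerEndpoint)
+o.ConfigureClient(&managedHsmClient.Client, o.ResourceManagerAuthorizer)
+
+managementClient := dataplane.New()
+o.ConfigureClient(&managementClient.Client, o.KeyVaultAuthorizer)
+
+securityDomainClient := dataplane.NewHSMSecurityDomainClient()
+o.ConfigureClient(&securityDomainClient.Client, o.ManagedHSMAuthorizer)
+
+roleDefinitionsClient := dataplane.NewRoleDefinitionsClient()
+o.ConfigureClient(&roleDefinitionsClient.Client, o.ManagedHSMAuthorizer)
+
+roleAssignmentsClient := dataplane.NewRoleAssignmentsClient()
+o.ConfigureClient(&roleAssignmentsClient.Client, o.ManagedHSMAuthorizer)
+
+return &Client{
+// Resource Manger
+ManagedHsmClient: &managedHsmClient,
+
+// Data Plane
+DataPlaneClient: &managementClient,
+DataPlaneSecurityDomainsClient: &securityDomainClient,
+DataPlaneRoleDefinitionsClient: &roleDefinitionsClient,
+DataPlaneRoleAssignmentsClient: &roleAssignmentsClient,
+}
+}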
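Review bot: In `NewClient`, `managementClient` is the only data-plane client configured with `o.KeyVaultAuthorizer`; the security-domain, role-definition and role-assignment clients beside it all use `o.ManagedHSMAuthorizer`. The line appears carried over from the Key Vault package, but here the client is exposed as `DataPlaneClient` of the Managed HSM package, so any caller that points it at an HSM endpoint would presumably send a token issued for the Key Vault audience rather than the Managed HSM one. If the client is meant for HSM data-plane calls the line should read `o.ConfigureClient(&managementClient.Client, o.ManagedHSMAuthorizer)`; if the Key Vault authorizer is deliberate, a one-line comment saying why would keep the credential scoping from looking accidental. Separately, the comment `// Resource Manger` in the returned struct literal is a typo for `// Resource Manager`.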
@@ -9,20 +9,20 @@ import (
"time"

"github.com/hashicorp/go-azure-sdk/sdk/client/pollers"
kv74 "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault"
dataplane "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault"
)

var _ pollers.PollerType = &hsmDownloadPoller{}

func NewHSMDownloadPoller(client *kv74.HSMSecurityDomainClient, baseUrl string) *hsmDownloadPoller {
func NewHSMDownloadPoller(client *dataplane.HSMSecurityDomainClient, baseUrl string) pollers.PollerType {
return &hsmDownloadPoller{
client: client,
baseUrl: baseUrl,
}
}

type hsmDownloadPoller struct {
client *kv74.HSMSecurityDomainClient
client *dataplane.HSMSecurityDomainClient
baseUrl string
}

@@ -32,7 +32,7 @@ func (p *hsmDownloadPoller) Poll(ctx context.Context) (*pollers.PollResult, erro
return nil, fmt.Errorf("waiting for Security Domain to download failed within %s: %+v", p.baseUrl, err)
}

if res.Status == kv74.OperationStatusSuccess {
if res.Status == dataplane.OperationStatusSuccess {
return &pollers.PollResult{
Status: pollers.PollingStatusSucceeded,
PollInterval: 10 * time.Second,
@@ -15,7 +15,7 @@ import (

var _ pollers.PollerType = &hsmDownloadPoller{}

func NewHSMPurgePoller(client *managedhsms.ManagedHsmsClient, id managedhsms.DeletedManagedHSMId) *hsmPurgePoller {
func NewHSMPurgePoller(client *managedhsms.ManagedHsmsClient, id managedhsms.DeletedManagedHSMId) pollers.PollerType {
return &hsmPurgePoller{
client: client,
purgeId: id,
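Review bot: The compile-time assertion directly above `NewHSMPurgePoller` checks `&hsmDownloadPoller{}`, which looks copied from the download poller and says nothing about the type this file constructs. It should read `var _ pollers.PollerType = &hsmPurgePoller{}`. With the constructor now returning `pollers.PollerType` the compiler already enforces the interface at the `return`, so the stale line is harmless but misleading to a reader checking which poller guards the purge. The constructor's body continues outside the hunk.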
@@ -1,7 +1,7 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package keyvault
package managedhsm

import (
"fmt"
@@ -13,7 +13,7 @@ import (
"github.com/hashicorp/go-azure-helpers/resourcemanager/tags"
"github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/managedhsms"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/validate"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
"github.com/hashicorp/terraform-provider-azurerm/utils"
@@ -77,7 +77,7 @@ func dataSourceKeyVaultManagedHardwareSecurityModule() *pluginsdk.Resource {
}

func dataSourceKeyVaultManagedHardwareSecurityModuleRead(d *pluginsdk.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).KeyVault.ManagedHsmClient
client := meta.(*clients.Client).ManagedHSMs.ManagedHsmClient
subscriptionId := meta.(*clients.Client).Account.SubscriptionId
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
defer cancel()
@@ -1,7 +1,7 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package keyvault_test
package managedhsm_test

import (
"fmt"