Merge pull request #5668 from terraform-providers/nr_storage_account_cmk

New Resource: 'azurerm_storage_account_customer_managed_key' to enable storage account encryption using key vault customer-managed keys
hashicorp · Feb 24, 2020 · 66378cc · 66378cc
2 parents b21bda7 + ef0105d
commit 66378cc
Show file tree

Hide file tree

Showing 20 changed files with 864 additions and 301 deletions.
diff --git a/azurerm/internal/acceptance/data.go b/azurerm/internal/acceptance/data.go
@@ -24,7 +24,7 @@ type TestData struct {
 	// Locations is a set of Azure Regions which should be used for this Test
 	Locations Regions
 
-	// RandomString is a random integer which is unique to this test case
+	// RandomInteger is a random integer which is unique to this test case
 	RandomInteger int
 
 	// RandomString is a random 5 character string is unique to this test case
@@ -90,6 +90,7 @@ func BuildTestData(t *testing.T, resourceType string, resourceLabel string) Test
 	return testData
 }
 
+// RandomIntOfLength is a random 8 to 18 digit integer which is unique to this test case
 func (td *TestData) RandomIntOfLength(len int) int {
 	// len should not be
 	//  - greater then 18, longest a int can represent
@@ -116,3 +117,13 @@ func (td *TestData) RandomIntOfLength(len int) int {
 
 	return i
 }
+
+// RandomStringOfLength is a random 1 to 1024 character string which is unique to this test case
+func (td *TestData) RandomStringOfLength(len int) string {
+	// len should not be less then 1 or greater than 1024
+	if 1 > len || len > 1024 {
+		panic(fmt.Sprintf("Invalid Test: RandomStringOfLength: length argument must be between 1 and 1024 characters"))
+	}
+
+	return acctest.RandString(len)
+}
diff --git a/azurerm/internal/services/iothub/resource_arm_iothub.go b/azurerm/internal/services/iothub/resource_arm_iothub.go
@@ -26,6 +26,8 @@ import (
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
+// TODO: outside of this pr make this private
+
 var IothubResourceName = "azurerm_iothub"
 
 func suppressIfTypeIsNot(t string) schema.SchemaDiffSuppressFunc {

diff --git a/azurerm/internal/services/keyvault/parse/key_vault_id.go b/azurerm/internal/services/keyvault/parse/key_vault_id.go
@@ -0,0 +1,31 @@
+package parse
+
+import (
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+)
+
+type KeyVaultId struct {
+	Name          string
+	ResourceGroup string
+}
+
+func KeyVaultID(input string) (*KeyVaultId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	account := KeyVaultId{
+		ResourceGroup: id.ResourceGroup,
+	}
+
+	if account.Name, err = id.PopSegment("vaults"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &account, nil
+}
diff --git a/azurerm/internal/services/keyvault/parse/key_vault_id_test.go b/azurerm/internal/services/keyvault/parse/key_vault_id_test.go
@@ -0,0 +1,73 @@
+package parse
+
+import (
+	"testing"
+)
+
+func TestKeyVaultID(t *testing.T) {
+	testData := []struct {
+		Name     string
+		Input    string
+		Expected *KeyVaultId
+	}{
+		{
+			Name:     "Empty",
+			Input:    "",
+			Expected: nil,
+		},
+		{
+			Name:     "No Resource Groups Segment",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000",
+			Expected: nil,
+		},
+		{
+			Name:     "No Resource Groups Value",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/",
+			Expected: nil,
+		},
+		{
+			Name:     "Resource Group ID",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/",
+			Expected: nil,
+		},
+		{
+			Name:     "Missing Vaults Value",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/",
+			Expected: nil,
+		},
+		{
+			Name:  "Key Vault ID",
+			Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1",
+			Expected: &KeyVaultId{
+				Name:          "vault1",
+				ResourceGroup: "resGroup1",
+			},
+		},
+		{
+			Name:     "Wrong Casing",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.KeyVault/Vaults/vault1",
+			Expected: nil,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q", v.Name)
+
+		actual, err := KeyVaultID(v.Input)
+		if err != nil {
+			if v.Expected == nil {
+				continue
+			}
+
+			t.Fatalf("Expected a value but got an error: %s", err)
+		}
+
+		if actual.Name != v.Expected.Name {
+			t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name)
+		}
+
+		if actual.ResourceGroup != v.Expected.ResourceGroup {
+			t.Fatalf("Expected %q but got %q for Resource Group", v.Expected.ResourceGroup, actual.ResourceGroup)
+		}
+	}
+}
diff --git a/azurerm/internal/services/keyvault/resource_arm_key_vault_key.go b/azurerm/internal/services/keyvault/resource_arm_key_vault_key.go
@@ -339,6 +339,7 @@ func resourceArmKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error
 	}
 
 	d.Set("name", id.Name)
+
 	if key := resp.Key; key != nil {
 		d.Set("key_type", string(key.Kty))
 

diff --git a/azurerm/internal/services/keyvault/validate/key_vault_id.go b/azurerm/internal/services/keyvault/validate/key_vault_id.go
@@ -0,0 +1,22 @@
+package validate
+
+import (
+	"fmt"
+
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse"
+)
+
+func KeyVaultID(i interface{}, k string) (warnings []string, errors []error) {
+	v, ok := i.(string)
+	if !ok {
+		errors = append(errors, fmt.Errorf("expected type of %q to be string", k))
+		return
+	}
+
+	if _, err := parse.KeyVaultID(v); err != nil {
+		errors = append(errors, fmt.Errorf("Can not parse %q as a resource id: %v", k, err))
+		return
+	}
+
+	return warnings, errors
+}
diff --git a/azurerm/internal/services/storage/data_source_storage_account.go b/azurerm/internal/services/storage/data_source_storage_account.go
@@ -54,11 +54,6 @@ func dataSourceArmStorageAccount() *schema.Resource {
 				Computed: true,
 			},
 
-			"account_encryption_source": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-
 			"custom_domain": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -72,16 +67,6 @@ func dataSourceArmStorageAccount() *schema.Resource {
 				},
 			},
 
-			"enable_blob_encryption": {
-				Type:     schema.TypeBool,
-				Computed: true,
-			},
-
-			"enable_file_encryption": {
-				Type:     schema.TypeBool,
-				Computed: true,
-			},
-
 			"enable_https_traffic_only": {
 				Type:     schema.TypeBool,
 				Computed: true,
@@ -329,18 +314,6 @@ func dataSourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) e
 			}
 		}
 
-		if encryption := props.Encryption; encryption != nil {
-			if services := encryption.Services; services != nil {
-				if blob := services.Blob; blob != nil {
-					d.Set("enable_blob_encryption", blob.Enabled)
-				}
-				if file := services.File; file != nil {
-					d.Set("enable_file_encryption", file.Enabled)
-				}
-			}
-			d.Set("account_encryption_source", string(encryption.KeySource))
-		}
-
 		// Computed
 		d.Set("primary_location", props.PrimaryLocation)
 		d.Set("secondary_location", props.SecondaryLocation)

diff --git a/azurerm/internal/services/storage/registration.go b/azurerm/internal/services/storage/registration.go
@@ -32,16 +32,17 @@ func (r Registration) SupportedDataSources() map[string]*schema.Resource {
 // SupportedResources returns the supported Resources supported by this Service
 func (r Registration) SupportedResources() map[string]*schema.Resource {
 	return map[string]*schema.Resource{
-		"azurerm_storage_account":                   resourceArmStorageAccount(),
-		"azurerm_storage_account_network_rules":     resourceArmStorageAccountNetworkRules(),
-		"azurerm_storage_blob":                      resourceArmStorageBlob(),
-		"azurerm_storage_container":                 resourceArmStorageContainer(),
-		"azurerm_storage_data_lake_gen2_filesystem": resourceArmStorageDataLakeGen2FileSystem(),
-		"azurerm_storage_management_policy":         resourceArmStorageManagementPolicy(),
-		"azurerm_storage_queue":                     resourceArmStorageQueue(),
-		"azurerm_storage_share":                     resourceArmStorageShare(),
-		"azurerm_storage_share_directory":           resourceArmStorageShareDirectory(),
-		"azurerm_storage_table":                     resourceArmStorageTable(),
-		"azurerm_storage_table_entity":              resourceArmStorageTableEntity(),
+		"azurerm_storage_account":                      resourceArmStorageAccount(),
+		"azurerm_storage_account_customer_managed_key": resourceArmStorageAccountCustomerManagedKey(),
+		"azurerm_storage_account_network_rules":        resourceArmStorageAccountNetworkRules(),
+		"azurerm_storage_blob":                         resourceArmStorageBlob(),
+		"azurerm_storage_container":                    resourceArmStorageContainer(),
+		"azurerm_storage_data_lake_gen2_filesystem":    resourceArmStorageDataLakeGen2FileSystem(),
+		"azurerm_storage_management_policy":            resourceArmStorageManagementPolicy(),
+		"azurerm_storage_queue":                        resourceArmStorageQueue(),
+		"azurerm_storage_share":                        resourceArmStorageShare(),
+		"azurerm_storage_share_directory":              resourceArmStorageShareDirectory(),
+		"azurerm_storage_table":                        resourceArmStorageTable(),
+		"azurerm_storage_table_entity":                 resourceArmStorageTableEntity(),
 	}
 }
-Original file line number
+Diff line change
@@ Expand Up @@
     	}
     	d.Set("name", id.Name)
     	if key := resp.Key; key != nil {
     		d.Set("key_type", string(key.Kty))
@@ Expand Down @@