From 75cba0457a18dfff8edb72dd8c2beb5ea4667d60 Mon Sep 17 00:00:00 2001
From: ziyeqf <51212351+ziyeqf@users.noreply.github.com>
Date: Mon, 23 Oct 2023 15:25:44 +0800
Subject: [PATCH] `log_analytics_cluster_customer_managed_key`: support `key_rsa_size`
---
 ...s_cluster_customer_managed_key_resource.go | 87 ++++++++++--------
 ...cluster_customer_managed_key.html.markdown | 2 +
 2 files changed, 47 insertions(+), 42 deletions(-)
diff --git a/internal/services/loganalytics/log_analytics_cluster_customer_managed_key_resource.go b/internal/services/loganalytics/log_analytics_cluster_customer_managed_key_resource.go
index c6a367b513366..8edf24a77391a 100644
--- a/internal/services/loganalytics/log_analytics_cluster_customer_managed_key_resource.go
+++ b/internal/services/loganalytics/log_analytics_cluster_customer_managed_key_resource.go
@@ -8,6 +8,7 @@ import (
 "log"
 "time"
+ "github.com/hashicorp/go-azure-helpers/lang/pointer"
 "github.com/hashicorp/go-azure-helpers/lang/response"
 "github.com/hashicorp/go-azure-sdk/resource-manager/operationalinsights/2021-06-01/clusters"
 "github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
@@ -17,6 +18,7 @@ import (
 keyVaultValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate"
 "github.com/hashicorp/terraform-provider-azurerm/internal/services/loganalytics/migration"
 "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
 "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
 "github.com/hashicorp/terraform-provider-azurerm/utils"
 )
@@ -58,6 +60,12 @@ func resourceLogAnalyticsClusterCustomerManagedKey() *pluginsdk.Resource {
 Required: true,
 ValidateFunc: keyVaultValidate.NestedItemIdWithOptionalVersion,
 },
+
+ "key_rsa_size": {
+ Type: pluginsdk.TypeInt,
+ Optional: true,
+ ValidateFunc: validation.IntInSlice([]int{2048, 3072, 4096}),
+ },
 },
 }
 }
@@ -84,19 +92,12 @@ func resourceLogAnalyticsClusterCustomerManagedKeyCreate(d *pluginsdk.ResourceDa
 return fmt.Errorf("retrieving %s: %+v", *id, err)
 }
- model := resp.Model
- if model == nil {
- return fmt.Errorf("retiring `azurerm_log_analytics_cluster` %s: `model` is nil", *id)
- }
-
- props := model.Properties
- if props == nil {
- return fmt.Errorf("retiring `azurerm_log_analytics_cluster` %s: `Properties` is nil", *id)
- }
-
- if props.KeyVaultProperties != nil {
- if keyProps := *props.KeyVaultProperties; keyProps.KeyName != nil && *keyProps.KeyName != "" {
- return tf.ImportAsExistsError("azurerm_log_analytics_cluster_customer_managed_key", id.ID())
+ if model := resp.Model; model != nil {
+ if props := model.Properties; props != nil && props.KeyVaultProperties != nil {
+ keyProps := *props.KeyVaultProperties
+ if keyProps.KeyName != nil && *keyProps.KeyName != "" {
+ return tf.ImportAsExistsError("azurerm_log_analytics_cluster_customer_managed_key", id.ID())
+ }
 }
 }
@@ -105,19 +106,21 @@ func resourceLogAnalyticsClusterCustomerManagedKeyCreate(d *pluginsdk.ResourceDa
 return fmt.Errorf("parsing Key Vault Key ID: %+v", err)
 }
- model.Properties.KeyVaultProperties = &clusters.KeyVaultProperties{
- KeyVaultUri: utils.String(keyId.KeyVaultBaseUrl),
- KeyName: utils.String(keyId.Name),
- KeyVersion: utils.String(keyId.Version),
+ clusterPatch := clusters.ClusterPatch{
+ Properties: &clusters.ClusterPatchProperties{
+ KeyVaultProperties: &clusters.KeyVaultProperties{
+ KeyVaultUri: pointer.To(keyId.KeyVaultBaseUrl),
+ KeyName: pointer.To(keyId.Name),
+ KeyVersion: pointer.To(keyId.Version),
+ },
+ },
 }
- // 'properties.associatedWorkspaces' is a read only property and cannot be set.
- // tracked on https://github.com/Azure/azure-rest-api-specs/issues/25968
- if model.Properties.AssociatedWorkspaces != nil {
- model.Properties.AssociatedWorkspaces = nil
+ if rsaSize, ok := d.GetOk("key_rsa_size"); ok {
+ clusterPatch.Properties.KeyVaultProperties.KeyRsaSize = utils.Int64(rsaSize.(int64))
 }
- if err := client.CreateOrUpdateThenPoll(ctx, *id, *model); err != nil {
+ if err := client.UpdateThenPoll(ctx, *id, clusterPatch); err != nil {
 return fmt.Errorf("updating Customer Managed Key for %s: %+v", *id, err)
 }
@@ -146,11 +149,6 @@ func resourceLogAnalyticsClusterCustomerManagedKeyUpdate(d *pluginsdk.ResourceDa
 locks.ByID(id.ID())
 defer locks.UnlockByID(id.ID())
- keyId, err := keyVaultParse.ParseOptionallyVersionedNestedItemID(d.Get("key_vault_key_id").(string))
- if err != nil {
- return fmt.Errorf("parsing Key Vault Key ID: %+v", err)
- }
-
 resp, err := client.Get(ctx, *id)
 if err != nil {
 if response.WasNotFound(resp.HttpResponse) {
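Review bot: The unchecked assertion `rsaSize.(int64)` in the Create hunk will panic whenever `key_rsa_size` is set, because the schema hunk declares the attribute as `pluginsdk.TypeInt` and the plugin SDK hands TypeInt values back as `int`. Convert rather than assert: `clusterPatch.Properties.KeyVaultProperties.KeyRsaSize = pointer.To(int64(rsaSize.(int)))`. The Update hunk at `@@ -160,28 +158,28 @@` repeats the problem in `pointer.To(d.Get("key_rsa_size").(int64))` and needs the same conversion. As written the minimum-key-size control cannot be applied at all, so an acceptance test that sets the field is worth adding with the fix. The Create function begins and ends outside this hunk.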
@@ -160,28 +158,28 @@ func resourceLogAnalyticsClusterCustomerManagedKeyUpdate(d *pluginsdk.ResourceDa
 return fmt.Errorf("retrieving %s: %+v", *id, err)
 }
- model := resp.Model
- if model == nil {
- return fmt.Errorf("retiring `azurerm_log_analytics_cluster` %s: `model` is nil", *id)
+ clusterPatch := clusters.ClusterPatch{
+ Properties: &clusters.ClusterPatchProperties{
+ KeyVaultProperties: &clusters.KeyVaultProperties{},
+ },
 }
- if props := model.Properties; props == nil {
- return fmt.Errorf("retiring `azurerm_log_analytics_cluster` %s: `Properties` is nil", *id)
- }
+ if d.HasChange("key_vault_key_id") {
+ keyId, err := keyVaultParse.ParseOptionallyVersionedNestedItemID(d.Get("key_vault_key_id").(string))
+ if err != nil {
+ return fmt.Errorf("parsing Key Vault Key ID: %+v", err)
+ }
- model.Properties.KeyVaultProperties = &clusters.KeyVaultProperties{
- KeyVaultUri: utils.String(keyId.KeyVaultBaseUrl),
- KeyName: utils.String(keyId.Name),
- KeyVersion: utils.String(keyId.Version),
+ clusterPatch.Properties.KeyVaultProperties.KeyVaultUri = pointer.To(keyId.KeyVaultBaseUrl)
+ clusterPatch.Properties.KeyVaultProperties.KeyName = pointer.To(keyId.Name)
+ clusterPatch.Properties.KeyVaultProperties.KeyVersion = pointer.To(keyId.Version)
 }
- // 'properties.associatedWorkspaces' is a read only property and cannot be set.
- // tracked on https://github.com/Azure/azure-rest-api-specs/issues/25968
- if model.Properties.AssociatedWorkspaces != nil {
- model.Properties.AssociatedWorkspaces = nil
+ if d.HasChange("key_rsa_size") {
+ clusterPatch.Properties.KeyVaultProperties.KeyRsaSize = pointer.To(d.Get("key_rsa_size").(int64))
 }
- if err := client.CreateOrUpdateThenPoll(ctx, *id, *model); err != nil {
+ if err := client.UpdateThenPoll(ctx, *id, clusterPatch); err != nil {
 return fmt.Errorf("updating Customer Managed Key for %s: %+v", *id, err)
 }
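Review bot: In the Update hunk, `d.HasChange("key_rsa_size")` is also true when the argument is removed from configuration, and `d.Get` then returns the zero value, so the PATCH would carry a `KeyRsaSize` of 0, which is outside the 2048/3072/4096 set the schema validates. Guard on presence instead, e.g. `if v, ok := d.GetOk("key_rsa_size"); ok { ... }`, and decide explicitly how removing the constraint should be expressed to the API. Separately, when only `key_rsa_size` changes the patch contains a `KeyVaultProperties` object with no key URI, name or version; whether the service merges or replaces that object is not visible from this diff, so it seems safer to parse `key_vault_key_id` unconditionally and always send the full key reference. The function body starts and ends outside the hunk.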
@@ -231,6 +229,11 @@ func resourceLogAnalyticsClusterCustomerManagedKeyRead(d *pluginsdk.ResourceData
 return err
 }
 keyVaultKeyId = keyId.ID()
+
+ if kvProps.KeyRsaSize != nil {
+ d.Set("key_rsa_size", *kvProps.KeyRsaSize)
+ }
+
 }
 }
 }
diff --git a/website/docs/r/log_analytics_cluster_customer_managed_key.html.markdown b/website/docs/r/log_analytics_cluster_customer_managed_key.html.markdown
index 3ddaf12f7bdfd..b564e854157d1 100644
--- a/website/docs/r/log_analytics_cluster_customer_managed_key.html.markdown
+++ b/website/docs/r/log_analytics_cluster_customer_managed_key.html.markdown
@@ -105,6 +105,8 @@ The following arguments are supported:
 * `log_analytics_cluster_id` - (Required) The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
+* `key_rsa_size` - (Optional) The minimum required size of selected key. Possible values are `2048`, `3072` and `4096`.
+
 ## Attributes Reference
 In addition to the Arguments listed above - the following Attributes are exported:
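Review bot: In the Read hunk, `key_rsa_size` is written to state only when the API returns a non-nil `KeyRsaSize`, so if the setting is cleared on the cluster outside Terraform the previous value stays in state and the drift is never reported; the error returned by `d.Set` is also discarded. Following the `keyVaultKeyId` pattern visible in the context lines, assign a local here, `keyRsaSize = int(pointer.From(kvProps.KeyRsaSize))`, and set it once after the nested blocks with `if err := d.Set("key_rsa_size", keyRsaSize); err != nil { return fmt.Errorf("setting `key_rsa_size`: %+v", err) }`. The place where `keyVaultKeyId` is finally written to state is outside this hunk, so the exact insertion point needs confirming against the full function.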