Add support for system and user assigned identity (#22828)

hashicorp · Aug 9, 2023 · a718559 · a718559
1 parent f719908
commit a718559
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 17 deletions.
diff --git a/internal/services/mssql/mssql_server_resource.go b/internal/services/mssql/mssql_server_resource.go
@@ -135,7 +135,7 @@ func resourceMsSqlServer() *pluginsdk.Resource {
 				}, false),
 			},
 
-			"identity": commonschema.SystemOrUserAssignedIdentityOptional(),
+			"identity": commonschema.SystemAssignedUserAssignedIdentityOptional(),
 
 			"transparent_data_encryption_key_vault_key_id": {
 				Type:         pluginsdk.TypeString,
@@ -582,15 +582,15 @@ func resourceMsSqlServerDelete(d *pluginsdk.ResourceData, meta interface{}) erro
 }
 
 func expandSqlServerIdentity(input []interface{}) (*sql.ResourceIdentity, error) {
-	expanded, err := identity.ExpandSystemOrUserAssignedMap(input)
+	expanded, err := identity.ExpandSystemAndUserAssignedMap(input)
 	if err != nil {
 		return nil, err
 	}
 
 	out := sql.ResourceIdentity{
 		Type: sql.IdentityType(string(expanded.Type)),
 	}
-	if expanded.Type == identity.TypeUserAssigned {
+	if expanded.Type == identity.TypeUserAssigned || expanded.Type == identity.TypeSystemAssignedUserAssigned {
 		out.UserAssignedIdentities = make(map[string]*sql.UserIdentity)
 		for k := range expanded.IdentityIds {
 			out.UserAssignedIdentities[k] = &sql.UserIdentity{
@@ -603,10 +603,10 @@ func expandSqlServerIdentity(input []interface{}) (*sql.ResourceIdentity, error)
 }
 
 func flattenSqlServerIdentity(input *sql.ResourceIdentity) (*[]interface{}, error) {
-	var transform *identity.SystemOrUserAssignedMap
+	var transform *identity.SystemAndUserAssignedMap
 
 	if input != nil {
-		transform = &identity.SystemOrUserAssignedMap{
+		transform = &identity.SystemAndUserAssignedMap{
 			Type:        identity.Type(string(input.Type)),
 			IdentityIds: make(map[string]identity.UserAssignedIdentityDetails),
 		}
@@ -616,21 +616,19 @@ func flattenSqlServerIdentity(input *sql.ResourceIdentity) (*[]interface{}, erro
 		if input.TenantID != nil {
 			transform.TenantId = input.TenantID.String()
 		}
-		if input.UserAssignedIdentities != nil {
-			for k, v := range input.UserAssignedIdentities {
-				details := identity.UserAssignedIdentityDetails{}
-				if v.ClientID != nil {
-					details.ClientId = utils.String(v.ClientID.String())
-				}
-				if v.PrincipalID != nil {
-					details.PrincipalId = utils.String(v.PrincipalID.String())
-				}
-				transform.IdentityIds[k] = details
+		for k, v := range input.UserAssignedIdentities {
+			details := identity.UserAssignedIdentityDetails{}
+			if v.ClientID != nil {
+				details.ClientId = utils.String(v.ClientID.String())
 			}
+			if v.PrincipalID != nil {
+				details.PrincipalId = utils.String(v.PrincipalID.String())
+			}
+			transform.IdentityIds[k] = details
 		}
 	}
 
-	return identity.FlattenSystemOrUserAssignedMap(transform)
+	return identity.FlattenSystemAndUserAssignedMap(transform)
 }
 
 func expandMsSqlServerAADOnlyAuthentictions(input []interface{}) bool {

diff --git a/internal/services/mssql/mssql_server_resource_test.go b/internal/services/mssql/mssql_server_resource_test.go
@@ -144,6 +144,21 @@ func TestAccMsSqlServer_userAssignedIdentity(t *testing.T) {
 	})
 }
 
+func TestAccMsSqlServer_systemAndUserAssignedIdentity(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_mssql_server", "test")
+	r := MsSqlServerResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.systemAndUserAssignedIdentity(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep("administrator_login_password"),
+	})
+}
+
 func TestAccMsSqlServer_azureadAdmin(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_mssql_server", "test")
 	r := MsSqlServerResource{}
@@ -610,6 +625,41 @@ resource "azurerm_mssql_server" "test" {
 `, data.RandomInteger, data.Locations.Primary)
 }
 
+func (MsSqlServerResource) systemAndUserAssignedIdentity(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-mssql-%[1]d"
+  location = "%[2]s"
+}
+
+resource "azurerm_user_assigned_identity" "test" {
+  name                = "acctestUAI-%[1]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_mssql_server" "test" {
+  name                         = "acctestsqlserver%[1]d"
+  resource_group_name          = azurerm_resource_group.test.name
+  location                     = azurerm_resource_group.test.location
+  version                      = "12.0"
+  administrator_login          = "missadministrator"
+  administrator_login_password = "thisIsKat11"
+
+  identity {
+    type = "SystemAssigned, UserAssigned"
+    identity_ids = [
+      azurerm_user_assigned_identity.test.id,
+    ]
+  }
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
+
 func (MsSqlServerResource) aadAdmin(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {

diff --git a/website/docs/r/mssql_server.html.markdown b/website/docs/r/mssql_server.html.markdown
@@ -171,7 +171,7 @@ The following arguments are supported:
 
 An `identity` block supports the following:
 
-* `type` - (Required) Specifies the type of Managed Service Identity that should be configured on this SQL Server. Possible values are `SystemAssigned`, `UserAssigned`.
+* `type` - (Required) Specifies the type of Managed Service Identity that should be configured on this SQL Server. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both).
 
 * `identity_ids` - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Server.