From a71855962f88203748ba5d9a9c629a9283c05135 Mon Sep 17 00:00:00 2001
From: Matthew Frahry
Date: Tue, 8 Aug 2023 22:34:42 -0700
Subject: [PATCH] Add support for system and user assigned identity (#22828)

---
 .../services/mssql/mssql_server_resource.go | 30 ++++++-----
 .../mssql/mssql_server_resource_test.go | 50 +++++++++++++++++++
 website/docs/r/mssql_server.html.markdown | 2 +-
 3 files changed, 65 insertions(+), 17 deletions(-)

diff --git a/internal/services/mssql/mssql_server_resource.go b/internal/services/mssql/mssql_server_resource.go
index 7cf4e3555a66..f27a437a98e5 100644
--- a/internal/services/mssql/mssql_server_resource.go
+++ b/internal/services/mssql/mssql_server_resource.go
@@ -135,7 +135,7 @@ func resourceMsSqlServer() *pluginsdk.Resource {
 }, false),
 },
 
- "identity": commonschema.SystemOrUserAssignedIdentityOptional(),
+ "identity": commonschema.SystemAssignedUserAssignedIdentityOptional(),
 
 "transparent_data_encryption_key_vault_key_id": {
 Type: pluginsdk.TypeString,
@@ -582,7 +582,7 @@ func resourceMsSqlServerDelete(d *pluginsdk.ResourceData, meta interface{}) erro
 }
 
 func expandSqlServerIdentity(input []interface{}) (*sql.ResourceIdentity, error) {
- expanded, err := identity.ExpandSystemOrUserAssignedMap(input)
+ expanded, err := identity.ExpandSystemAndUserAssignedMap(input)
 if err != nil {
 return nil, err
 }
@@ -590,7 +590,7 @@ func expandSqlServerIdentity(input []interface{}) (*sql.ResourceIdentity, error)
 out := sql.ResourceIdentity{
 Type: sql.IdentityType(string(expanded.Type)),
 }
- if expanded.Type == identity.TypeUserAssigned {
+ if expanded.Type == identity.TypeUserAssigned || expanded.Type == identity.TypeSystemAssignedUserAssigned {
 out.UserAssignedIdentities = make(map[string]*sql.UserIdentity)
 for k := range expanded.IdentityIds {
 out.UserAssignedIdentities[k] = &sql.UserIdentity{
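Review bot: The cast `sql.IdentityType(string(expanded.Type))` in expandSqlServerIdentity (hunk at -590) now has to carry the combined value, and it is only correct if the SQL SDK spells that enum exactly as `identity.TypeSystemAssignedUserAssigned` does; the docs in this patch give the value as `SystemAssigned, UserAssigned`, with a space. Neither constant's definition is visible here, so this needs confirming: if the spellings differ, the request carries an identity type the SDK does not define, and the server may end up with a different set of identities than the configuration declares. An explicit `switch` on `expanded.Type` that returns the SDK constant and errors on anything unrecognised would remove the dependency on matching strings. The same concern applies in reverse to `identity.Type(string(input.Type))` in flattenSqlServerIdentity (hunk at -603). The function body continues past the end of this hunk.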
@@ -603,10 +603,10 @@ func expandSqlServerIdentity(input []interface{}) (*sql.ResourceIdentity, error)
 }
 
 func flattenSqlServerIdentity(input *sql.ResourceIdentity) (*[]interface{}, error) {
- var transform *identity.SystemOrUserAssignedMap
+ var transform *identity.SystemAndUserAssignedMap
 
 if input != nil {
- transform = &identity.SystemOrUserAssignedMap{
+ transform = &identity.SystemAndUserAssignedMap{
 Type: identity.Type(string(input.Type)),
 IdentityIds: make(map[string]identity.UserAssignedIdentityDetails),
 }
@@ -616,21 +616,19 @@ func flattenSqlServerIdentity(input *sql.ResourceIdentity) (*[]interface{}, erro
 if input.TenantID != nil {
 transform.TenantId = input.TenantID.String()
 }
- if input.UserAssignedIdentities != nil {
- for k, v := range input.UserAssignedIdentities {
- details := identity.UserAssignedIdentityDetails{}
- if v.ClientID != nil {
- details.ClientId = utils.String(v.ClientID.String())
- }
- if v.PrincipalID != nil {
- details.PrincipalId = utils.String(v.PrincipalID.String())
- }
- transform.IdentityIds[k] = details
+ for k, v := range input.UserAssignedIdentities {
+ details := identity.UserAssignedIdentityDetails{}
+ if v.ClientID != nil {
+ details.ClientId = utils.String(v.ClientID.String())
 }
+ if v.PrincipalID != nil {
+ details.PrincipalId = utils.String(v.PrincipalID.String())
+ }
+ transform.IdentityIds[k] = details
 }
 }
 
- return identity.FlattenSystemOrUserAssignedMap(transform)
+ return identity.FlattenSystemAndUserAssignedMap(transform)
 }
 
 func expandMsSqlServerAADOnlyAuthentictions(input []interface{}) bool {
diff --git a/internal/services/mssql/mssql_server_resource_test.go b/internal/services/mssql/mssql_server_resource_test.go
index 87eefadbef62..0b802301e45c 100644
--- a/internal/services/mssql/mssql_server_resource_test.go
+++ b/internal/services/mssql/mssql_server_resource_test.go
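Review bot: In the rewritten loop of flattenSqlServerIdentity (hunk at -616), `v` is dereferenced as `v.ClientID` and `v.PrincipalID` without a nil check, although the map values are pointers (expandSqlServerIdentity stores `&sql.UserIdentity{...}`). Dropping the outer `input.UserAssignedIdentities != nil` guard is fine, since ranging over a nil map is a no-op, but an entry the API returns with a null value would panic the provider during read. Wrapping the two field reads in `if v != nil { ... }` while still assigning `transform.IdentityIds[k] = details` would keep every identity ID in state and avoid the crash. The function begins in the previous hunk, so part of its body is outside this one.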
@@ -144,6 +144,21 @@ func TestAccMsSqlServer_userAssignedIdentity(t *testing.T) {
 })
 }
 
+func TestAccMsSqlServer_systemAndUserAssignedIdentity(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_mssql_server", "test")
+ r := MsSqlServerResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.systemAndUserAssignedIdentity(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep("administrator_login_password"),
+ })
+}
+
 func TestAccMsSqlServer_azureadAdmin(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_mssql_server", "test")
 r := MsSqlServerResource{}
@@ -610,6 +625,41 @@ resource "azurerm_mssql_server" "test" {
 `, data.RandomInteger, data.Locations.Primary)
 }
 
+func (MsSqlServerResource) systemAndUserAssignedIdentity(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-mssql-%[1]d"
+ location = "%[2]s"
+}
+
+resource "azurerm_user_assigned_identity" "test" {
+ name = "acctestUAI-%[1]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_mssql_server" "test" {
+ name = "acctestsqlserver%[1]d"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ version = "12.0"
+ administrator_login = "missadministrator"
+ administrator_login_password = "thisIsKat11"
+
+ identity {
+ type = "SystemAssigned, UserAssigned"
+ identity_ids = [
+ azurerm_user_assigned_identity.test.id,
+ ]
+ }
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
+
 func (MsSqlServerResource) aadAdmin(data acceptance.TestData) string {
 return fmt.Sprintf(`
 provider "azurerm" {
diff --git a/website/docs/r/mssql_server.html.markdown b/website/docs/r/mssql_server.html.markdown
index 36cac8d4a6db..4a5511387cf6 100644
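Review bot: TestAccMsSqlServer_systemAndUserAssignedIdentity asserts only `ExistsInAzure`, so whether both identities were actually attached is left to the implicit plan and import comparison rather than checked directly. Since the identity set decides which principals the server can act as, assert it explicitly, for example `check.That(data.ResourceName).Key("identity.0.type").HasValue("SystemAssigned, UserAssigned")` and `check.That(data.ResourceName).Key("identity.0.principal_id").Exists()`. A further step that moves a server from the existing `UserAssigned` configuration to the combined type would also cover the update path, where an identity could be dropped or left attached without anyone noticing.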
--- a/website/docs/r/mssql_server.html.markdown
+++ b/website/docs/r/mssql_server.html.markdown
@@ -171,7 +171,7 @@ The following arguments are supported:
 
 An `identity` block supports the following:
 
-* `type` - (Required) Specifies the type of Managed Service Identity that should be configured on this SQL Server. Possible values are `SystemAssigned`, `UserAssigned`.
+* `type` - (Required) Specifies the type of Managed Service Identity that should be configured on this SQL Server. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both).
 
 * `identity_ids` - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Server.