mhsm can update tags and acl
wuxu92 committed Dec 28, 2023
1 parent 46a95c1 commit aed33c5
Showing 2 changed files with 58 additions and 3 deletions.
@@ -172,7 +172,7 @@ func resourceKeyVaultManagedHardwareSecurityModule() *pluginsdk.Resource {
},

// https://github.com/Azure/azure-rest-api-specs/issues/13365
"tags": commonschema.TagsForceNew(),
"tags": commonschema.Tags(),
},
}
}
@@ -260,6 +260,22 @@ func resourceArmKeyVaultManagedHardwareSecurityModuleUpdate(d *pluginsdk.Resourc
return fmt.Errorf("retrieving %s: %+v", id, err)
}

model := resp.Model
hasUpdate := false
if d.HasChange("tags") {
hasUpdate = true
model.Tags = tags.Expand(d.Get("tags").(map[string]interface{}))
}
if d.HasChange("network_acls") {
hasUpdate = true
model.Properties.NetworkAcls = expandMHSMNetworkAcls(d.Get("network_acls").([]interface{}))
}
if hasUpdate {
if err := hsmClient.CreateOrUpdateThenPoll(ctx, *id, *model); err != nil {
return fmt.Errorf("updating %s tags: %+v", id, err)
}
}

// security domain download to activate this module
if ok := d.HasChange("security_domain_key_vault_certificate_ids"); ok {
// get hsm uri
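Review bot: `model := resp.Model` is dereferenced (`model.Tags`, `model.Properties.NetworkAcls`, `*model`) without a nil check, so a Get response that carries no model would panic the provider rather than return an error; a guard such as `if model == nil { return fmt.Errorf("retrieving %s: model was nil", id) }` before the first `d.HasChange` covers it, and the same applies to `model.Properties` if that field is a pointer (its type is not visible here). The error text `"updating %s tags: %+v"` is also returned when only `network_acls` changed; `"updating %s: %+v"` is accurate for both and avoids sending someone debugging a failed firewall change on an HSM to the wrong attribute. The `network_acls` branch would benefit from a comment stating what `expandMHSMNetworkAcls` produces when the block is removed from the configuration, because that decides whether the module keeps its previous default action or is sent an empty ACL. The update function begins and ends outside this hunk.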
@@ -25,7 +25,7 @@ func TestAccKeyVaultManagedHardwareSecurityModule(t *testing.T) {
"resource": {
"data_source": testAccDataSourceKeyVaultManagedHardwareSecurityModule_basic,
"basic": testAccKeyVaultManagedHardwareSecurityModule_basic,
"update": testAccKeyVaultManagedHardwareSecurityModule_requiresImport,
"update": testAccKeyVaultManagedHardwareSecurityModule_updateAndRequiresImport,
"complete": testAccKeyVaultManagedHardwareSecurityModule_complete,
"download": testAccKeyVaultManagedHardwareSecurityModule_download,
"role_define": testAccKeyVaultManagedHardwareSecurityModule_roleDefinition,
@@ -122,7 +122,7 @@ func testAccKeyVaultManagedHardwareSecurityModule_roleAssignment(t *testing.T) {
})
}

func testAccKeyVaultManagedHardwareSecurityModule_requiresImport(t *testing.T) {
func testAccKeyVaultManagedHardwareSecurityModule_updateAndRequiresImport(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_key_vault_managed_hardware_security_module", "test")
r := KeyVaultManagedHardwareSecurityModuleResource{}

@@ -133,6 +133,14 @@ func testAccKeyVaultManagedHardwareSecurityModule_requiresImport(t *testing.T) {
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.basicUpdate(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
data.RequiresImportErrorStep(r.requiresImport),
})
}
@@ -187,6 +195,37 @@ resource "azurerm_key_vault_managed_hardware_security_module" "test" {
`, template, data.RandomInteger)
}

func (r KeyVaultManagedHardwareSecurityModuleResource) basicUpdate(data acceptance.TestData) string {
template := r.template(data)
return fmt.Sprintf(`
provider "azurerm" {
features {}
}
%s
resource "azurerm_key_vault_managed_hardware_security_module" "test" {
name = "kvHsm%d"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
sku_name = "Standard_B1"
tenant_id = data.azurerm_client_config.current.tenant_id
admin_object_ids = [data.azurerm_client_config.current.object_id]
purge_protection_enabled = false
network_acls {
default_action = "Deny"
bypass = "AzureServices"
}
tags = {
Env = "Test"
App = "TF"
}
}
`, template, data.RandomInteger)
}

func (r KeyVaultManagedHardwareSecurityModuleResource) requiresImport(data acceptance.TestData) string {
template := r.basic(data)
return fmt.Sprintf(`
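Review bot: The new steps in testAccKeyVaultManagedHardwareSecurityModule_updateAndRequiresImport only exercise adding `network_acls` and `tags` (the `r.basicUpdate(data)` step); nothing covers removing them again, which is the direction where an in-place update could leave the HSM's firewall in a state that differs from the configuration. A further step that re-applies the first step's config (it sits in the collapsed part of the function, presumably `Config: r.basic(data)`) followed by `data.ImportStep()` would catch that. The update step also asserts only `ExistsInAzure(r)`, so a short comment noting that the following `data.ImportStep()` is relied on to verify that `default_action = "Deny"` and the tags were persisted would help the next reader. The test function starts outside the hunk.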
