From b849d4d8787b11449712fa0cf20886d068f76ff3 Mon Sep 17 00:00:00 2001 From: Tom Harvey Date: Mon, 1 Oct 2018 19:36:57 +1300 Subject: [PATCH] azurerm_builtin_role_definition: support for `data_actions` and `not_data_actions` (#2000) * Adding the data_actions and not_data_actions field * Fixing the broken AzureAD Application tests * Handling a couple of potential crashes --- .../data_source_azuread_application_test.go | 6 +- .../data_source_builtin_role_definition.go | 81 ++++++++++++++++++- azurerm/resource_arm_role_definition.go | 6 ++ .../docs/d/builtin_role_definition.markdown | 2 + 4 files changed, 90 insertions(+), 5 deletions(-) diff --git a/azurerm/data_source_azuread_application_test.go b/azurerm/data_source_azuread_application_test.go index 451fe9c2a804..17cfe0c213cb 100644 --- a/azurerm/data_source_azuread_application_test.go +++ b/azurerm/data_source_azuread_application_test.go @@ -26,7 +26,7 @@ func TestAccDataSourceAzureRMAzureADApplication_byObjectId(t *testing.T) { Check: resource.ComposeTestCheckFunc( testCheckAzureRMActiveDirectoryApplicationExists(dataSourceName), resource.TestCheckResourceAttr(dataSourceName, "name", fmt.Sprintf("acctest%s", id)), - resource.TestCheckResourceAttr(dataSourceName, "homepage", fmt.Sprintf("http://acctest%s", id)), + resource.TestCheckResourceAttr(dataSourceName, "homepage", fmt.Sprintf("https://acctest%s", id)), resource.TestCheckResourceAttr(dataSourceName, "identifier_uris.#", "0"), resource.TestCheckResourceAttr(dataSourceName, "reply_urls.#", "0"), resource.TestCheckResourceAttr(dataSourceName, "oauth2_allow_implicit_flow", "false"), @@ -53,7 +53,7 @@ func TestAccDataSourceAzureRMAzureADApplication_byObjectIdComplete(t *testing.T) Check: resource.ComposeTestCheckFunc( testCheckAzureRMActiveDirectoryApplicationExists(dataSourceName), resource.TestCheckResourceAttr(dataSourceName, "name", fmt.Sprintf("acctest%s", id)), - resource.TestCheckResourceAttr(dataSourceName, "homepage", fmt.Sprintf("http://homepage-%s", id)), + resource.TestCheckResourceAttr(dataSourceName, "homepage", fmt.Sprintf("https://homepage-%s", id)), resource.TestCheckResourceAttr(dataSourceName, "identifier_uris.#", "1"), resource.TestCheckResourceAttr(dataSourceName, "reply_urls.#", "1"), resource.TestCheckResourceAttr(dataSourceName, "oauth2_allow_implicit_flow", "true"), @@ -82,7 +82,7 @@ func TestAccDataSourceAzureRMAzureADApplication_byName(t *testing.T) { Check: resource.ComposeTestCheckFunc( testCheckAzureRMActiveDirectoryApplicationExists(dataSourceName), resource.TestCheckResourceAttr(dataSourceName, "name", fmt.Sprintf("acctest%s", id)), - resource.TestCheckResourceAttr(dataSourceName, "homepage", fmt.Sprintf("http://acctest%s", id)), + resource.TestCheckResourceAttr(dataSourceName, "homepage", fmt.Sprintf("https://acctest%s", id)), resource.TestCheckResourceAttr(dataSourceName, "identifier_uris.#", "0"), resource.TestCheckResourceAttr(dataSourceName, "reply_urls.#", "0"), resource.TestCheckResourceAttr(dataSourceName, "oauth2_allow_implicit_flow", "false"), diff --git a/azurerm/data_source_builtin_role_definition.go b/azurerm/data_source_builtin_role_definition.go index 47f84469df1c..4384889d8d46 100644 --- a/azurerm/data_source_builtin_role_definition.go +++ b/azurerm/data_source_builtin_role_definition.go @@ -3,6 +3,7 @@ package azurerm import ( "fmt" + "github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-01-01-preview/authorization" "github.com/hashicorp/terraform/helper/schema" ) @@ -43,6 +44,22 @@ func dataSourceArmBuiltInRoleDefinition() *schema.Resource { Type: schema.TypeString, }, }, + "data_actions": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Set: schema.HashString, + }, + "not_data_actions": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Set: schema.HashString, + }, }, }, }, @@ -88,12 +105,12 @@ func dataSourceArmBuiltInRoleDefinitionRead(d *schema.ResourceData, meta interfa d.Set("description", props.Description) d.Set("type", props.RoleType) - permissions := flattenRoleDefinitionPermissions(props.Permissions) + permissions := flattenRoleDefinitionDataSourcePermissions(props.Permissions) if err := d.Set("permissions", permissions); err != nil { return err } - assignableScopes := flattenRoleDefinitionAssignableScopes(props.AssignableScopes) + assignableScopes := flattenRoleDefinitionDataSourceAssignableScopes(props.AssignableScopes) if err := d.Set("assignable_scopes", assignableScopes); err != nil { return err } @@ -101,3 +118,63 @@ func dataSourceArmBuiltInRoleDefinitionRead(d *schema.ResourceData, meta interfa return nil } + +func flattenRoleDefinitionDataSourcePermissions(input *[]authorization.Permission) []interface{} { + permissions := make([]interface{}, 0) + if input == nil { + return permissions + } + + for _, permission := range *input { + output := make(map[string]interface{}, 0) + + actions := make([]string, 0) + if permission.Actions != nil { + for _, action := range *permission.Actions { + actions = append(actions, action) + } + } + output["actions"] = actions + + dataActions := make([]interface{}, 0) + if permission.DataActions != nil { + for _, dataAction := range *permission.DataActions { + dataActions = append(dataActions, dataAction) + } + } + output["data_actions"] = schema.NewSet(schema.HashString, dataActions) + + notActions := make([]string, 0) + if permission.NotActions != nil { + for _, action := range *permission.NotActions { + notActions = append(notActions, action) + } + } + output["not_actions"] = notActions + + notDataActions := make([]interface{}, 0) + if permission.NotDataActions != nil { + for _, dataAction := range *permission.NotDataActions { + notDataActions = append(notDataActions, dataAction) + } + } + output["not_data_actions"] = schema.NewSet(schema.HashString, notDataActions) + + permissions = append(permissions, output) + } + + return permissions +} + +func flattenRoleDefinitionDataSourceAssignableScopes(input *[]string) []interface{} { + scopes := make([]interface{}, 0) + if input == nil { + return scopes + } + + for _, scope := range *input { + scopes = append(scopes, scope) + } + + return scopes +} diff --git a/azurerm/resource_arm_role_definition.go b/azurerm/resource_arm_role_definition.go index 81fac345e168..67a9cfa9cb74 100644 --- a/azurerm/resource_arm_role_definition.go +++ b/azurerm/resource_arm_role_definition.go @@ -250,6 +250,9 @@ func expandRoleDefinitionAssignableScopes(d *schema.ResourceData) []string { func flattenRoleDefinitionPermissions(input *[]authorization.Permission) []interface{} { permissions := make([]interface{}, 0) + if input == nil { + return permissions + } for _, permission := range *input { output := make(map[string]interface{}, 0) @@ -294,6 +297,9 @@ func flattenRoleDefinitionPermissions(input *[]authorization.Permission) []inter func flattenRoleDefinitionAssignableScopes(input *[]string) []interface{} { scopes := make([]interface{}, 0) + if input == nil { + return scopes + } for _, scope := range *input { scopes = append(scopes, scope) diff --git a/website/docs/d/builtin_role_definition.markdown b/website/docs/d/builtin_role_definition.markdown index 83d2580d27d9..8449134856c1 100644 --- a/website/docs/d/builtin_role_definition.markdown +++ b/website/docs/d/builtin_role_definition.markdown @@ -38,4 +38,6 @@ output "contributor_role_definition_id" { A `permissions` block contains: * `actions` - a list of actions supported by this role +* `data_actions` - a list of data actions supported by this role * `not_actions` - a list of actions which are denied by this role +* `not_data_actions` - a list of data actions which are denied by this role