Skip to content

Commit

Permalink
azurerm_eventhub_namespace: support for the network_rulesets proper…
Browse files Browse the repository at this point in the history
…ty (#4409)
  • Loading branch information
katbyte authored Sep 25, 2019
1 parent f948958 commit d5c4650
Show file tree
Hide file tree
Showing 3 changed files with 344 additions and 10 deletions.
210 changes: 202 additions & 8 deletions azurerm/resource_arm_eventhub_namespace.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,75 @@ func resourceArmEventHubNamespace() *schema.Resource {
ValidateFunc: validation.IntBetween(0, 20),
},

"network_rulesets": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Computed: true,
ConfigMode: schema.SchemaConfigModeAttr,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{

"default_action": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice([]string{
string(eventhub.Allow),
string(eventhub.Deny),
}, false),
},

"virtual_network_rule": {
Type: schema.TypeList,
Optional: true,
ConfigMode: schema.SchemaConfigModeAttr,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{

// the API returns the subnet ID's resource group name in lowercase
// https://github.com/Azure/azure-sdk-for-go/issues/5855
"subnet_id": {
Type: schema.TypeString,
Required: true,
ValidateFunc: azure.ValidateResourceID,
DiffSuppressFunc: suppress.CaseDifference,
},

"ignore_missing_virtual_network_service_endpoint": {
Type: schema.TypeBool,
Optional: true,
},
},
},
},

"ip_rule": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
ConfigMode: schema.SchemaConfigModeAttr,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"ip_mask": {
Type: schema.TypeString,
Required: true,
},

"action": {
Type: schema.TypeString,
Optional: true,
Default: string(eventhub.NetworkRuleIPActionAllow),
ValidateFunc: validation.StringInSlice([]string{
string(eventhub.NetworkRuleIPActionAllow),
}, false),
},
},
},
},
},
},
},

"default_primary_connection_string": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -178,6 +247,27 @@ func resourceArmEventHubNamespaceCreateUpdate(d *schema.ResourceData, meta inter

d.SetId(*read.ID)

ruleSets, hasRuleSets := d.GetOk("network_rulesets")
if hasRuleSets {
rulesets := eventhub.NetworkRuleSet{
NetworkRuleSetProperties: expandEventHubNamespaceNetworkRuleset(ruleSets.([]interface{})),
}

// cannot use network rulesets with the basic SKU
if parameters.Sku.Name != eventhub.Basic {
if _, err := client.CreateOrUpdateNetworkRuleSet(ctx, resGroup, name, rulesets); err != nil {
return fmt.Errorf("Error setting network ruleset properties for EventHub Namespace %q (resource group %q): %v", name, resGroup, err)
}
} else {
// so if the user has specified the non default rule sets throw a validation error
if rulesets.DefaultAction != eventhub.Deny ||
(rulesets.IPRules != nil && len(*rulesets.IPRules) > 0) ||
(rulesets.VirtualNetworkRules != nil && len(*rulesets.VirtualNetworkRules) > 0) {
return fmt.Errorf("network_rulesets cannot be used when the SKU is basic")
}
}
}

return resourceArmEventHubNamespaceRead(d, meta)
}

Expand Down Expand Up @@ -207,8 +297,25 @@ func resourceArmEventHubNamespaceRead(d *schema.ResourceData, meta interface{})
d.Set("location", azure.NormalizeLocation(*location))
}

d.Set("sku", string(resp.Sku.Name))
d.Set("capacity", resp.Sku.Capacity)
if sku := resp.Sku; sku != nil {
d.Set("sku", string(sku.Name))
d.Set("capacity", sku.Capacity)
}

if props := resp.EHNamespaceProperties; props != nil {
d.Set("auto_inflate_enabled", props.IsAutoInflateEnabled)
d.Set("kafka_enabled", props.KafkaEnabled)
d.Set("maximum_throughput_units", int(*props.MaximumThroughputUnits))
}

ruleset, err := client.GetNetworkRuleSet(ctx, resGroup, name)
if err != nil {
return fmt.Errorf("Error making Read request on EventHub Namespace %q Network Ruleset: %+v", name, err)
}

if err := d.Set("network_rulesets", flattenEventHubNamespaceNetworkRuleset(ruleset)); err != nil {
return fmt.Errorf("Error setting `network_ruleset` for Evenhub Namespace %s: %v", name, err)
}

keys, err := client.ListKeys(ctx, resGroup, name, eventHubNamespaceDefaultAuthorizationRule)
if err != nil {
Expand All @@ -220,12 +327,6 @@ func resourceArmEventHubNamespaceRead(d *schema.ResourceData, meta interface{})
d.Set("default_secondary_key", keys.SecondaryKey)
}

if props := resp.EHNamespaceProperties; props != nil {
d.Set("auto_inflate_enabled", props.IsAutoInflateEnabled)
d.Set("kafka_enabled", props.KafkaEnabled)
d.Set("maximum_throughput_units", int(*props.MaximumThroughputUnits))
}

return tags.FlattenAndSet(d, resp.Tags)
}

Expand Down Expand Up @@ -283,3 +384,96 @@ func eventHubNamespaceStateStatusCodeRefreshFunc(ctx context.Context, client *ev
return res, strconv.Itoa(res.StatusCode), nil
}
}

func expandEventHubNamespaceNetworkRuleset(input []interface{}) *eventhub.NetworkRuleSetProperties {
if len(input) == 0 {
return nil
}

block := input[0].(map[string]interface{})

ruleset := eventhub.NetworkRuleSetProperties{
DefaultAction: eventhub.DefaultAction(block["default_action"].(string)),
}

if v, ok := block["virtual_network_rule"].([]interface{}); ok {
if len(v) > 0 {

var rules []eventhub.NWRuleSetVirtualNetworkRules
for _, r := range v {
rblock := r.(map[string]interface{})
rules = append(rules, eventhub.NWRuleSetVirtualNetworkRules{
Subnet: &eventhub.Subnet{
ID: utils.String(rblock["subnet_id"].(string)),
},
IgnoreMissingVnetServiceEndpoint: utils.Bool(rblock["ignore_missing_virtual_network_service_endpoint"].(bool)),
})
}

ruleset.VirtualNetworkRules = &rules
}
}

if v, ok := block["ip_rule"].([]interface{}); ok {
if len(v) > 0 {

var rules []eventhub.NWRuleSetIPRules
for _, r := range v {
rblock := r.(map[string]interface{})
rules = append(rules, eventhub.NWRuleSetIPRules{
IPMask: utils.String(rblock["ip_mask"].(string)),
Action: eventhub.NetworkRuleIPAction(rblock["action"].(string)),
})
}

ruleset.IPRules = &rules
}
}

return &ruleset
}

func flattenEventHubNamespaceNetworkRuleset(ruleset eventhub.NetworkRuleSet) []interface{} {
if ruleset.NetworkRuleSetProperties == nil {
return nil
}

vnetBlocks := make([]interface{}, 0)
if vnetRules := ruleset.NetworkRuleSetProperties.VirtualNetworkRules; vnetRules != nil {
for _, vnetRule := range *vnetRules {
block := make(map[string]interface{})

if s := vnetRule.Subnet; s != nil {
if v := s.ID; v != nil {
block["subnet_id"] = *v
}
}

if v := vnetRule.IgnoreMissingVnetServiceEndpoint; v != nil {
block["ignore_missing_virtual_network_service_endpoint"] = *v
}

vnetBlocks = append(vnetBlocks, block)
}
}
ipBlocks := make([]interface{}, 0)
if ipRules := ruleset.NetworkRuleSetProperties.IPRules; ipRules != nil {
for _, ipRule := range *ipRules {
block := make(map[string]interface{})

block["action"] = string(ipRule.Action)

if v := ipRule.IPMask; v != nil {
block["ip_mask"] = *v
}

ipBlocks = append(ipBlocks, block)
}
}

return []interface{}{map[string]interface{}{
"default_action": string(ruleset.DefaultAction),
"virtual_network_rule": vnetBlocks,
"ip_rule": ipBlocks,
}}
}
112 changes: 112 additions & 0 deletions azurerm/resource_arm_eventhub_namespace_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,54 @@ func TestAccAzureRMEventHubNamespace_standard(t *testing.T) {
})
}

func TestAccAzureRMEventHubNamespace_networkrule_iprule(t *testing.T) {
resourceName := "azurerm_eventhub_namespace.test"
ri := tf.AccRandTimeInt()

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMEventHubNamespaceDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMEventHubNamespace_networkrule_iprule(ri, testLocation()),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMEventHubNamespaceExists(resourceName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAzureRMEventHubNamespace_networkrule_vnet(t *testing.T) {
resourceName := "azurerm_eventhub_namespace.test"
ri := tf.AccRandTimeInt()

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMEventHubNamespaceDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMEventHubNamespace_networkrule_vnet(ri, testLocation()),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMEventHubNamespaceExists(resourceName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAzureRMEventHubNamespace_readDefaultKeys(t *testing.T) {
resourceName := "azurerm_eventhub_namespace.test"
ri := tf.AccRandTimeInt()
Expand Down Expand Up @@ -465,6 +513,70 @@ resource "azurerm_eventhub_namespace" "test" {
`, rInt, location, rInt)
}

func testAccAzureRMEventHubNamespace_networkrule_iprule(rInt int, location string) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
name = "acctestRG-%d"
location = "%s"
}
resource "azurerm_eventhub_namespace" "test" {
name = "acctesteventhubnamespace-%d"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
sku = "Standard"
capacity = "2"
network_rulesets {
default_action = "Deny"
ip_rule {
ip_mask = "10.0.0.0/16"
}
}
}
`, rInt, location, rInt)
}

func testAccAzureRMEventHubNamespace_networkrule_vnet(rInt int, location string) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
name = "acctestRG-%[1]d"
location = "%[2]s"
}
resource "azurerm_virtual_network" "test" {
name = "acctvn-%[1]d"
address_space = ["10.0.0.0/16"]
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
}
resource "azurerm_subnet" "test" {
name = "acctsub-%[1]d"
resource_group_name = "${azurerm_resource_group.test.name}"
virtual_network_name = "${azurerm_virtual_network.test.name}"
address_prefix = "10.0.2.0/24"
}
resource "azurerm_eventhub_namespace" "test" {
name = "acctesteventhubnamespace-%[1]d"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
sku = "Standard"
capacity = "2"
network_rulesets {
default_action = "Deny"
virtual_network_rule {
subnet_id = "${azurerm_subnet.test.id}"
ignore_missing_virtual_network_service_endpoint = true
}
}
}
`, rInt, location)
}

func testAccAzureRMEventHubNamespaceNonStandardCasing(rInt int, location string) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
Expand Down
Loading

0 comments on commit d5c4650

Please sign in to comment.